包含标签 2021 的文章

MySQL用户权限汇总

2021年5月24日
| MySQL

一、 全局权限,作用于整个 MySQL 实例:mysql.user表

mysql> select Host,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv , Drop_priv from mysql.user;
+-------------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+
| Host        | User             | Select_priv | Insert_priv | Update_priv | Delete_priv | Create_priv | Drop_priv |
+-------------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+
| %           | lang             | Y           | Y           | Y           | Y           | N           | N         |
| 192.168.2.% | lang             | Y           | Y           | Y           | Y           | N           | N         |
| localhost   | mysql.infoschema | Y           | N           | N           | N           | N           | N         |
| localhost   | mysql.session    | N           | N           | N           | N           | N           | N         |
| localhost   | mysql.sys        | N           | N           | N           | N           | N           | N         |
| localhost   | root             | Y           | Y           | Y           | Y           | Y           | Y         |
+-------------+------------------+-------------+-------------+-------------+-------------+-------------+-----------+
6 rows in set (0.00 sec)

二、 库级别的权限定义:mysql.db表

某个账号对某个库所拥有的权限,如下第一行结果表示用户’lang’对库’lang_test’所拥有的权限

……

阅读全文

Deployment yaml模板

2021年5月22日
| Kubernetes 
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: ${APP_NAME}
    environment: ${RUN_ENV}
  name: ${APP_NAME}
  namespace: ${NAMESPACE}
spec:
  progressDeadlineSeconds: 600
  replicas: ${REPLICAS}
  selector:
    matchLabels:
      app: ${APP_NAME}
      environment: ${RUN_ENV}
  template:
    metadata:
      labels:
        app: ${APP_NAME}
        environment: ${RUN_ENV}
      annotations:
        prometheus.io/scrape: "${ENABLE_SCRAPE}"
        prometheus.io/port: "${RUN_PORT}"
        prometheus.io/path: "${METRICS_PATH}"
        kubesphere.io/collectSavedLog: 'true'
        logging.kubesphere.io/logsidecar-config: '{"containerLogConfigs":{"${APP_NAME}":{"${APP_NAME}-log-volume":["*.log"]}}}'
    spec:
      volumes:
        - name: ${APP_NAME}-log-volume
          emptyDir: {}
        - name: heap-dumps
          emptyDir: {}
      containers:
        - name: ${APP_NAME}
          env:
            - name: JAVA_OPTS
              value: -server -Dapp.id=${APP_NAME} -Denv=${RUN_ENV} -Dapollo.cacheDir=/services/apollo -Dspring.profiles.active=${RUN_ENV} -Xms${HEAP_XMS} -Xmx${HEAP_XMX} -Xss512k -XX:ParallelGCThreads=4 -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -XX:InitiatingHeapOccupancyPercent=45 -Xlog:gc* -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/dumper -Dsun.net.inetaddr.ttl=60 -XX:+ScavengeBeforeFullGC -XX:+CMSScavengeBeforeRemark -Dcom.sun.management.jmxremote.port=19185 -Dtomcat.base=/services/tomcat -Dio.netty.tryReflectionSetAccessible=true --add-exports java.base/jdk.internal.misc=ALL-UNNAMED -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dlog.base=/services/logs/  -verbose:gc -Xdebug -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=*:19085
          image: $REGISTRY/$DOCKERHUB_NAMESPACE/$APP_NAME:${RUN_ENV}-${BRANCH_NAME}-${COMMIT_HASH}-$DATE-${BUILD_NUMBER}
          lifecycle:
            postStart:
              exec:
                command:
                  - "sh"
                  - "-c"
                  - >
                    wget -P /services/  http://192.168.0.169:12306/download/finch.jar;
                    nohup java -Dapp.id=finch -Denv=${RUN_ENV} -jar /services/finch.jar &
          volumeMounts:
            - mountPath: "/services/logs/"
              name: ${APP_NAME}-log-volume
            - mountPath: /dumper
              name: heap-dumps
          livenessProbe:
            httpGet:
              path: ${HEALTH_PATH}
              port: ${RUN_PORT}
            initialDelaySeconds: 60
            periodSeconds: 30
            timeoutSeconds: 3
            successThreshold: 1
            failureThreshold: 10
          readinessProbe:
            httpGet:
              path: ${HEALTH_PATH}
              port: ${RUN_PORT}
            initialDelaySeconds: 60
            periodSeconds: 30
            successThreshold: 1
            failureThreshold: 10
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: ${RUN_PORT}
              protocol: TCP
          resources:
            limits:
              cpu: ${LIMIT_CPU}
              memory: ${LIMIT_MEMORY}
            requests:
              cpu: ${REQUEST_CPU}
              memory: ${REQUEST_MEMORY}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          securityContext:
            runAsUser: 5000
            runAsGroup: 5000
            allowPrivilegeEscalation: false
        - name: dumper
          image: 'harbor.m.cn/library/dumper:1.96'
          env:
            - name: COS_BUCKETURL
              value: 'https://jvm-dump.cos.ap-guangzhou.myqcloud.com'
            - name: COS_DUMPER_ROOT
              value: /
            - name: APP_NAME
              value: ${APP_NAME}
            - name: DUMPER_ROOT
              value: /dumper/
            - name: RUN_ENV_NAME
              value: ${RUN_ENV}
          resources:
            limits:
              cpu: 4000m
              memory: 4000Mi
            requests:
              cpu: 1000m
              memory: 1000Mi
          volumeMounts:
            - name: heap-dumps
              mountPath: /dumper
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          imagePullPolicy: IfNotPresent            
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      terminationGracePeriodSeconds: 30
      imagePullSecrets:
      - name: ${IMAGE_PULL_SECRETS}
      ```
……

阅读全文

Docker镜像清理

2021年5月21日
| Kubernetes

运行docker system df 命令:

1
2
3
4
5
6

[root@VM_100_4_centos ~]# docker system df 
TYPE                TOTAL                       SIZE                RECLAIMABLE
Images              955                         77.06GB             74.21GB (96%)
Containers          65                          3.28MB              0B (0%)
Local Volumes       0                           0B                  0B
Build Cache         0                           0B                  0B

最后一列RECLAIMABLE字段标明了可回收的磁盘空间大小,此处表示有74.21GB的docker镜像可以收回,而containers、volumes等没有可回收的空间。

……

阅读全文

Hugo使用

2021年5月21日
| SoftSetting

零、 下载地址

https://github.com/gohugoio/hugo/releases

可直接运行,如创建一个blog的项目为:

……

阅读全文

Ingress_yaml nginx模板

2021年3月11日
| Kubernetes 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  namespace: ${NAMESPACE}
  name: ${APP_NAME}-ingress
  annotations:
    nginx.ingress.kubernetes.io/service-upstream: true
    nginx.ingress.kubernetes.io/ssl-redirect: true
    kubernetes.io/ingress.class: "public-nginx-ingress"
    # 重写规则,相当于location /api/
    nginx.ingress.kubernetes.io/configuration-snippet: |
      rewrite ^/api/(.*)$ /$1 break;
    kubernetes.io/ingress.rule-mix: "true"
    nginx.ingress.kubernetes.io/use-regex: "true"
spec:
  tls:
    - hosts:
      - ${PUBLIC_DOMAIN}
      secretName: ${TLS_SECRET}
  rules:
    - host: ${PUBLIC_DOMAIN}
      http:
        paths:
          - path: ${REQUEST_PATH}
            backend:
              serviceName: ${APP_NAME}
              servicePort: ${RUN_PORT}
    - host: www.tangjihede.fun
      http:
        paths:
          - path: /api/
            backend:
              serviceName: api
              servicePort: 8080
……

阅读全文

nginx ingress 注解大全

2021年3月11日
| Kubernetes 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45

# http 跳转https
nginx.ingress.kubernetes.io/ssl-redirect: true

# 腾讯云公网类型
kubernetes.io/ingress.class: "public-nginx-ingress"

# 重写规则,相当于location /api/
nginx.ingress.kubernetes.io/configuration-snippet: |
  rewrite ^/api/(.*)$ /$1 break;

# 重写
annotations:
     nginx.ingress.kubernetes.io/server-snippet: |
         rewrite ^/v4/(.*)/card/query http://foo.bar.com/v5/#!/card/query permanent;
     nginx.ingress.kubernetes.io/configuration-snippet: |
         rewrite ^/v6/(.*)/card/query http://foo.bar.com/v7/#!/card/query permanent;

# 支持websocket协议
nginx.ingress.kubernetes.io/server-snippets: |
      proxy_set_header Upgrade $http_upgrade;
      proxy_http_version 1.1;
      proxy_set_header X-Forwarded-Host $http_host;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_set_header Host $host;
      proxy_set_header Connection "upgrade";
      proxy_cache_bypass $http_upgrade;

# 腾讯云 https://cloud.tencent.com/document/product/457/45693
kubernetes.io/ingress.rule-mix: "true"

# 支持正则
nginx.ingress.kubernetes.io/use-regex: "true"

# 后端是https协议
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"

# 白名单配置
nginx.ingress.kubernetes.io/whitelist-source-range: "58.246.135.154,58.246.135.155"

#开启ingress access日志
nginx.ingress.kubernetes.io/enable-access-log: true  

# 跨域参考
https://www.tangjihede.fun/post/LoadBalancing/%E8%B7%A8%E5%9F%9F%E9%97%AE%E9%A2%98/

链接:

……

阅读全文

  1. 1
  2. 2
  3. 3
  4. 4