ConfigMaps allow you to decouple configuration artifacts from image content to keep containerized applications portable. This page provides a series of usage examples demonstrating how to create ConfigMaps and configure Pods using data stored in ConfigMaps.
ConfigMaps允许您将配置构件与映像内容解耦,以保持容器化应用程序的可移植性。这个页面提供了一系列使用示例,演示如何使用ConfigMaps中存储的数据创建ConfigMaps和配置Pods。
用kubectl create configmap创建
kubectl create configmap <map-name> <data-source>
--from-file
--from-file 可以跟路径,可以跟单个文件,可以多次使用跟多个文件
mkdir -p configure-pod-container/configmap/ # Download the sample files into `configure-pod-container/configmap/` directory wget https://kubernetes.io/examples/configmap/game.properties -O configure-pod-container/configmap/game.properties wget https://kubernetes.io/examples/configmap/ui.properties -O configure-pod-container/configmap/ui.properties # Create the configmap kubectl create configmap game-config --from-file=configure-pod-container/configmap/ kubectl create configmap game-config-2 --from-file=config
flagger
https://github.com/weaveworks/flagger
主要是推进
Flagger是Kubernetes公司的运营商,该公司使用Istio、Linkerd、App Mesh、NGINX、等高线或Gloo路由来自动提升canary部署,并使用Prometheus指标进行canary分析。canary分析可以通过webhook进行扩展,以运行验收测试、负载测试或任何其他自定义验证。
https://docs.flagger.app/usage/how-it-works
flagger 可以通过配置一个名为canary的自定义资源,将Kubernetes工作负载的发布过程自动化。
A canary resource can target a Kubernetes Deployment or DaemonSet.
Kubernetes Deployment example:
Based on the above configuration, Flagger generates the following Kubernetes objects:
deployment/<targetRef.name>-primary
hpa/<autoscalerRef.name>-primary
Flagger will detect changes to the target deployment (including secrets and configmaps) and will perform a canary analysis before promoting the new version as primary.
If the target deployment uses secrets and/or configmaps, Flagger will create a copy of each object using the -primary
prefix and will reference these objects in the primary deployment、
Note that the target deployment must have a single label selector in th
设置密码复杂度
http://www.linux-pam.org/Linux-PAM-html/sag-pam_cracklib.html
安装libpam-cracklib
apt-get install libpam-cracklib
修改文件 /etc/pam/common-password
中的配置,修改完保存即生效。
如果有加enforce_for_root ,则对root 有效。
默认对root无效。 当root 为操作修改的用户时,虽然会提示,但是仍能修改成功。
vi common-password
password requisite pam_cracklib.so retry=3 minlen=8 difok=3 dcredit=-1 ocredit=-1 enforce_for_root
以上例子为:可重试三次,密码最少8个字符,与旧密码至少3个字符不同,至少一个数字,至少一个符号,对root操作也有效。
http://www.linux-pam.org/Linux-PAM-html/sag-pam_cracklib.html
-----------------
difok=N
This argument will change the default of 5 for the number of character changes in the new password that differentiate it from the old password.
minlen=N
The minimum acceptable size for the new password (plus one if credits are not disabled which is the default). In addition to the number of characters in the new password, credit (of +1 in length) is given for each different kind of character (other, upper, lower and digit). The default for this parameter is 9 whic
https://github.com/tektoncd/pipeline
The Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines.
Tekton管道项目为声明CI/ cd风格的管道提供了k8风格的资源。
kubectl apply --filename https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
curl -LO https://github.com/tektoncd/cli/releases/download/v0.7.1/tkn_0.7.1_Linux_x86_64.tar.gz
# Change destination directory as needed
tar xvzf tkn_0.7.1_Linux_x86_64.tar.gz -C ~/bin
kubectl apply --filename https://github.com/tektoncd/dashboard/releases/download/v0.5.1/tekton-dashboard-release.yaml
默认镜像源安装时的问题解决:
其中:https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml
https://github.com/tektoncd/dashboard/releases/download/v0.5.1/tekton-dashboard-release.yaml
两个yaml 中创建资源时,pull 镜像用的镜像库是国外的,gcr.io 需要替换成国内的镜像源:gcr.azk8s.cn
如果使用原来的gcr.io , 资源创建成功后在启动的过程中,pod状态一直是 imagepullbackoff , 查看pod 内部,是无法pull 镜像所致。
get pods --na
新装系统 ubuntu 时,安装界面会让我们新建一个非root帐号,这个帐号有sudo 权限,记住装机时设置的用户密码。
在安装界面 安装预装软件时,最好将ssh勾上, 这样在初始设置时会比较方便一点。
1. 从普通用户登入root
Login: username
password:username-password
进入系统之后,执行
sudo passwd
输入三次密码,第一次为用户自己的密码,第二次第三次为root的新密码和密码确认。
看到提示密码修改成功之后,执行su , 输入刚刚设置的root 密码,切换到root 用户。
su
2.设置静态ip
ubuntu 18 和 14 的网络配置方式不同,ubuntu 18 需要设置netplan下的XXXX.yaml
其中注意使用yaml 的格式。
注意gateway4 表示ip4的gw ,以及gw 这一行不需要方括号 [ ]
dns 的ip应该再缩进一层再书写。
修改完毕之后,netplan apply 使用配置生效。
root@vm3:~# cd /etc/netplan root@vm3:~# cat /etc/netplan/01-netcfg.yaml # This file describes the network interfaces available on your system # For more information, see netplan(5). network: version: 2 renderer: networkd ethernets: ens3: addresses: [172.0.11.155/24] gateway4: 172.0.11.1 nameservers: addresses: [8.8.8.8, 114.114.114.114] dhcp4: no dhcp6: no root@vm3:~# netplan apply
3. 允许root 使用ssh 远程登录
修改PermitRootLogin项的值为yes , 然后重启ssh 服务
root@vm3:~# cat /etc/ssh/sshd_config | grep Root # the setting of "PermitR
在Centos 7.6 中,进行kvm 安装,virt-install 之后,在图形图面中,鼠标可以使用,键盘不可以使用,按键之后图形界面无反应,但是每按一次键盘CLI终端有一行warning 输出。
(virt-viewer:32227): GSpice-CRITICAL **: 02:22:38.179: send_key: assertion 'scancode != 0' failed
virt-install --name vm1 -r 8192 --disk path=/var/lib/libvirt/images/vm1.img,size=20 --vcpu=2 --network bridge=br0,model=e1000 --cdrom=/public/ubuntu-18.04.2-server-amd64.iso Starting install... Allocating 'vm1.img' | 20 GB 00:00:01 (virt-viewer:32227): GSpice-WARNING **: 02:22:36.541: PulseAudio context failed Connection refused (virt-viewer:32227): GSpice-WARNING **: 02:22:36.541: pa_context_connect() failed: Connection refused (virt-viewer:32227): GSpice-WARNING **: 02:22:36.605: Warning no automount-inhibiting implementation available (virt-viewer:32227): vnc-keymap-WARNING **: 02:22:36.642: Unknown keycode mapping '(null)'. Please report to gtk-vnc-list@gnome.org including
1. Node status is NotReady 之一
Container Runtime Version: docker://Unknown
查看node 状态,发现是节点的状态是 Notready
kubectl get nodes NAME STATUS ROLES AGE VERSION vm1 Ready master 13d v1.12.5 vm2 NotReady <none> 13d v1.12.5
查看node 状态,发现是节点上的docker 版本有问题
kubectl describe node vm2 System Info: ...... Container Runtime Version: docker://Unknown
登录node , 发现docker 被删除了,重装node 的docker , 重启 docker
systemctl restart docker systemctl status docker
再回到master ,查看node 的状态,变成 ready 。 System Info 下 的 container runtime....
$ kubectl get nodes NAME STATUS ROLES AGE VERSION vm1 Ready master 13d v1.12.5 vm2 Ready <none> 13d v1.12.5 $ kubectl describe node vm2 Name: vm2 ....... System Info: ..... Container Runtime Version: docker://18.6.3
2. Node status is NotReady 之二
runtime network not ready: NetworkReady=false
查看node 状态,发现是节点的状态是 Notready
Conditions: Type Status LastHeartbeatTime LastTransitionTime
https://rancher.com/docs/rancher/v2.x/en/
https://rancher.com/docs/rancher/v2.x/en/overview/architecture-recommendations/
https://rancher.com/docs/rancher/v2.x/en/quick-start-guide/deployment/quickstart-manual-setup/
sudo docker run -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher
当启动后无法访问查看容器log,发现以下error 时,加一个--privileged
Error: rancher can not be ran without --privileged flag outside kubernetes.
docker container ls docker container logs 3aa2569cda85 docker container stop 3aa2569cda85 docker run --privileged -d --restart=unless-stopped -p 80:80 -p 443:443 rancher/rancher docker container logs c554478d2aaa554565d29bf2ef6a32b45f920592b719057f7e8722bf6b6d559e
第一次打开:https://172.0.11.153/
设置管理员密码,url 之后进入网页界面:
通过Rancher 创建一个集群:
From the Clusters page, click Add Cluster.
Choose Custom.
Enter a Cluster Name.
Skip Member Roles and Cluster Options. We’ll tell you about them later.
Click Next.
From Node Role, select all the roles: etcd, Control, and Worker.
Optional: Rancher auto-det
https://cloudinit.readthedocs.io/en/latest/topics/modules.htm
https://cloudinit.readthedocs.io/en/latest/topics/examples.html
安装工具:
apt-get install cloud-init
使用cloud-localds命令生成一个seed.img , 然后在virt-install qcow2 image 的时候同时指定这个seed.img
即 把初始化镜像时的自定义修改放到seed.img中, 然后将它作为一个参数传给kvm 。
cloud-localds seed.img user-data meta-data
这个命令是指user-data meta-data 中的配置加载到seed.img ,并生成seed.img 。 所以首先我们要编辑user-data meta-data 。格式与yaml相同。用法参见https://cloudinit.readthedocs.io/en/latest/topics/examples.html
注意,write file 是生成新文件,会覆盖。如要修改已有文件的个别部分,应该修改后的全文贴入对应部分
生成seed.img 之后,virt-install 时加上--disk path=/vob/cloud-init/seed.img,bus=virtio,format=raw
qemu-img resize xxxx.qcow2 +30G virt-install -d --connect qemu:///system --name casa-mobile-a -r 61440 --vcpus 4 --cpu host \ --disk path=/vob/cloud-init/xxxxxxx.qcow2,format=qcow2,bus=virtio --import \ --disk path=/vob/cloud-init/seed.img,bus=virtio,format=raw \ --autostart --noautoconsole
user-data 的一个示例,必须是以#cloud-config 开头
还可用于修改root 密码之类的变更,用passwd 。
写