Huaweicloud CCE 实现容器网络隔离
一、需求 某客户需要在huaweicloud cce 容器里实现网络隔离,结合其业务情况进行分析,发现其有如下网络隔离需求: 不同 namespace 运行不同公司的业务,所以需要在 ns 级实现网络隔离; 在 cce 对应网段的 VPC 里运行还有非 CCE node 的 ECS主机,ECS也是给不同的公司使用的,对这些ECS也需要访问控制,控制其仅……
包含标签 k8s articles
k8s helm安装redis
一、helm 安装 redis 通过 helm 安装redis的方法如下: 1[root@testcce-92497 ~]# helm install my-release oci://registry-1.docker.io/bitnamicharts/redis --set global.storageClass=csi-disk 2[root@testcce-92497 ~]# export REDIS_PASSWORD=$(kubectl get secret --namespace default my-release-redis -o jsonpath="{.data.redis-password}" | base64 -d) 3[root@testcce-92497 ~]# echo $REDIS_PASSWORD 4ejL6JhgNNs 5[root@testcce-92497 ~]# kubectl get pods 6NAME READY STATUS RESTARTS AGE 7my-release-redis-master-0 1/1 Running 0 2m41s 8my-release-redis-replicas-0 1/1 Running 0 2m41s 9my-release-redis-replicas-1 1/1 Running 0 100s 10my-release-redis-replicas-2 1/1 Running 0 62s 11[root@testcce-92497 ~]# kubectl get svc 12NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE 13kubernetes ClusterIP 10.247.0.1 <none> 443/TCP 8d 14my-release-redis-headless ClusterIP None <none> 6379/TCP 13m 15my-release-redis-master ClusterIP 10.247.153.87 <none> 6379/TCP 13m 16my-release-redis-replicas ClusterIP 10.247.3.245 <none> 6379/TCP 13m 这里默认安装的是 1 master 3 replicas 架构,这个可以从 artifacthub 网站……
k8s StatefulSet启用Redis Cluster搭建
一、安装和配置Redis 1、无数据持久化的redis 这里先根据启用一个最简单的 Redis 服务: 1apiVersion: apps/v1 2kind: StatefulSet 3metadata: 4 name: redis 5spec: 6 selector: 7 matchLabels: 8 app: redis 9 serviceName: redis 10 replicas: 3 11 template: 12 metadata: 13 labels: 14 app: redis 15 spec: 16 containers: 17 - name: redis 18 image: redis:latest 19 ports: 20 - containerPort: 6379 21 volumeMounts: 22 - name: data 23 mountPath: /data 24 volumeClaimTemplates: 25 - metadata: 26 name: data 27 spec: 28 accessModes: ['ReadWriteOnce'] 29 storageClassName: "csi-disk" 30 resources: 31 requests: 32 storage: 1Gi 启动登录后,会发现在/data 目录……
Huaweicloud CCE helm install Bitnami PostgreSQL
Bitnami is a company that provides pre-packaged software stacks for popular open source applications(Belong the VMware Sub-company).
Here are some of the benefits of using Bitnami stacks:
Easy to install and use Regularly updated with security patches and bug fixes Available for a variety of platforms Wide range of applications available Community support So we are install the postgresql to Huaweicloud CCE platform (A famous k8s commercial platform ) today .
1. Install the helm3 Note: we need install the newest version from helm official website , we cannot use the huaweicloud official document (the website offer the old helm version , there will be have the error Error: parse error at (postgresql/templates/_helpers.tpl:164): unclosed action)
Install helm command like this:
1curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get-helm-3 > get_helm.sh 2chmod 700 get_helm.sh 3./get_helm.sh 4 5# or one line command like this: 6curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash 2.……
k8s install PostgreSQL StatefulSet
In the following set of exercises StatefulSets are presented in a practical manner. The PostgreSQL [11] RDBMS is used as an example as the database is both widely known and of great utility to any developer. The goal of the exercises are not to build a production grade automation for PostgreSQL but to illustrate StatefulSet concepts.
Designing the StatefulSet In order to create the PostgreSQL StatefulSet we proceed with the following steps:
Identify or build (a) container image(s) Specify a headless Service Specify a StatefulSet Provision the Service and StatefulSet Conduct simple experiments Start with finding a container image.
The Container Image An essential part of the StatefulSet for PostgreSQL is the database server itself. Luckily, there is no need to containerize PostgreSQL as this as already been done. Hence, use the official PostgreSQL Docker Image found at Docker Hub [1].……
华为云CCE启用Nginx Ingress对接后端ClusterIP服务
一、背景 同事在对某公司进行华为CCE k8s容器应用部署时,遇到了客户没有使用默认ELB Ingress,而需要使用Nginx Ingress的情况,而Nginx Ingress想要使用后面 ClusterIP 来暴漏服务,而不是使用 Nodeport。 先说下什么是Ingress?Ingress是Kubern……
在k8s中创建pod时发生了什么
当你在 Kubernetes 中创建 Pod 时会发生什么?一个令人惊讶的简单任务揭示了一个复杂的工作流程,该工作流涉及集群中的多个组件。 1、kubectl执行YAML文件 让我们从显而易见的开始:kubectl 将 YAML 定义发送到 API 服务器。在此步骤中,kubectl执行如下步骤: 使用 OpenAPI (Swagger) 发现 API Endpoints 协商……
k8s调度深入刨析
调度程序决定 pod 在集群中的部署位置,这听起来像是一项简单的工作,但它相当复杂!当使用 kubectl 提交部署时,API 服务器会收到请求,并将资源存储在 etcd 中。 一、谁创建了 Pod? 一个常见的误解是创建 pod 是调度程序的工作。相反,控制器管理器创建它们(以及关联的 ReplicaSet)。 此时,pod 在 etcd 中……
AWS ECS-EKS-Fargate
Amazon Web Services (AWS) provides more than 200 services. Among those, Amazon Elastic Compute Service (ECS), Elastic Kubernetes Service (EKS), and AWS Fargate help deploy and manage containers.
Choosing between these services can be challenging. They seem similar on the surface (and are all popular). But each offers unique benefits and limitations.
In this guide, we compare the three services, discussing the best use cases for each, and helping you choose the best fit for your business.
How To Compare ECS Vs. EKS Vs. Fargate To understand how EKS, ECS, and Fargate differ, consider how AWS’s container services are organized.
AWS Registry services enable you to store and manage container images. Amazon Elastic Container Registry (ECR) is in this category. AWS Orchestration services let you manage where and when your containers run. The two services in this category are Amazon ECS and Amazon EKS.……
Kubernetes Secrets值验证
一、secrets创建 secrets创建方法常见的有三种: kubectl命令直接创建 kubectl命令从文件中获取 通过yaml文件创建 具体如下: 1# 方法1: 2$ kubectl create secret generic <secret-name> --from-literal=iamAdminPasswordKey=<password> --namespace <namespace> 3 4$ kubectl create secret generic cncc-iam-secret --from-literal=iamAdminPasswordKey=cncciampasswordvalue --namespace cncc 5$ kubectl describe secret cncc-iam-secret -n cncc 6 7# 方法2: 8echo -n 'admin' > ./username.txt 9echo -n '1f2d1e2e67df' > ./password.txt 10 11kubectl create secret generic db-user-pass \ 12 --from-file=./username.txt \ 13 --from-file=./password.txt 14 15# 方法3: 16echo -n 'admin'……