包含标签 k8s articles

Huaweicloud CCE 实现容器网络隔离

一、需求 某客户需要在huaweicloud cce 容器里实现网络隔离,结合其业务情况进行分析,发现其有如下网络隔离需求: 不同 namespace 运行不同公司的业务,所以需要在 ns 级实现网络隔离; 在 cce 对应网段的 VPC 里运行还有非 CCE node 的 ECS主机,ECS也是给不同的公司使用的,对这些ECS也需要访问控制,控制其仅……

Continue reading

k8s helm安装redis

一、helm 安装 redis 通过 helm 安装redis的方法如下: 1[root@testcce-92497 ~]# helm install my-release oci://registry-1.docker.io/bitnamicharts/redis --set global.storageClass=csi-disk 2[root@testcce-92497 ~]# export REDIS_PASSWORD=$(kubectl get secret --namespace default my-release-redis -o jsonpath="{.data.redis-password}" | base64 -d) 3[root@testcce-92497 ~]# echo $REDIS_PASSWORD 4ejL6JhgNNs 5[root@testcce-92497 ~]# kubectl get pods 6NAME READY STATUS RESTARTS AGE 7my-release-redis-master-0 1/1 Running 0 2m41s 8my-release-redis-replicas-0 1/1 Running 0 2m41s 9my-release-redis-replicas-1 1/1 Running 0 100s 10my-release-redis-replicas-2 1/1 Running 0 62s 11[root@testcce-92497 ~]# kubectl get svc 12NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE 13kubernetes ClusterIP <none> 443/TCP 8d 14my-release-redis-headless ClusterIP None <none> 6379/TCP 13m 15my-release-redis-master ClusterIP <none> 6379/TCP 13m 16my-release-redis-replicas ClusterIP <none> 6379/TCP 13m 这里默认安装的是 1 master 3 replicas 架构,这个可以从 artifacthub 网站……

Continue reading

k8s StatefulSet启用Redis Cluster搭建

一、安装和配置Redis 1、无数据持久化的redis 这里先根据启用一个最简单的 Redis 服务: 1apiVersion: apps/v1 2kind: StatefulSet 3metadata: 4 name: redis 5spec: 6 selector: 7 matchLabels: 8 app: redis 9 serviceName: redis 10 replicas: 3 11 template: 12 metadata: 13 labels: 14 app: redis 15 spec: 16 containers: 17 - name: redis 18 image: redis:latest 19 ports: 20 - containerPort: 6379 21 volumeMounts: 22 - name: data 23 mountPath: /data 24 volumeClaimTemplates: 25 - metadata: 26 name: data 27 spec: 28 accessModes: ['ReadWriteOnce'] 29 storageClassName: "csi-disk" 30 resources: 31 requests: 32 storage: 1Gi 启动登录后,会发现在/data 目录……

Continue reading

Huaweicloud CCE helm install Bitnami PostgreSQL

Bitnami is a company that provides pre-packaged software stacks for popular open source applications(Belong the VMware Sub-company). Here are some of the benefits of using Bitnami stacks: Easy to install and use Regularly updated with security patches and bug fixes Available for a variety of platforms Wide range of applications available Community support So we are install the postgresql to Huaweicloud CCE platform (A famous k8s commercial platform ) today . 1. Install the helm3 Note: we need install the newest version from helm official website , we cannot use the huaweicloud official document (the website offer the old helm version , there will be have the error Error: parse error at (postgresql/templates/_helpers.tpl:164): unclosed action) Install helm command like this: 1curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get-helm-3 > get_helm.sh 2chmod 700 get_helm.sh 3./get_helm.sh 4 5# or one line command like this: 6curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash 2.……

Continue reading

k8s install PostgreSQL StatefulSet

In the following set of exercises StatefulSets are presented in a practical manner. The PostgreSQL [11] RDBMS is used as an example as the database is both widely known and of great utility to any developer. The goal of the exercises are not to build a production grade automation for PostgreSQL but to illustrate StatefulSet concepts. Designing the StatefulSet In order to create the PostgreSQL StatefulSet we proceed with the following steps: Identify or build (a) container image(s) Specify a headless Service Specify a StatefulSet Provision the Service and StatefulSet Conduct simple experiments Start with finding a container image. The Container Image An essential part of the StatefulSet for PostgreSQL is the database server itself. Luckily, there is no need to containerize PostgreSQL as this as already been done. Hence, use the official PostgreSQL Docker Image found at Docker Hub [1].……

Continue reading


当你在 Kubernetes 中创建 Pod 时会发生什么?一个令人惊讶的简单任务揭示了一个复杂的工作流程,该工作流涉及集群中的多个组件。 1、kubectl执行YAML文件 让我们从显而易见的开始:kubectl 将 YAML 定义发送到 API 服务器。在此步骤中,kubectl执行如下步骤: 使用 OpenAPI (Swagger) 发现 API Endpoints 协商……

Continue reading


调度程序决定 pod 在集群中的部署位置,这听起来像是一项简单的工作,但它相当复杂!当使用 kubectl 提交部署时,API 服务器会收到请求,并将资源存储在 etcd 中。 一、谁创建了 Pod? 一个常见的误解是创建 pod 是调度程序的工作。相反,控制器管理器创建它们(以及关联的 ReplicaSet)。 此时,pod 在 etcd 中……

Continue reading


Amazon Web Services (AWS) provides more than 200 services. Among those, Amazon Elastic Compute Service (ECS), Elastic Kubernetes Service (EKS), and AWS Fargate help deploy and manage containers. Choosing between these services can be challenging. They seem similar on the surface (and are all popular). But each offers unique benefits and limitations. In this guide, we compare the three services, discussing the best use cases for each, and helping you choose the best fit for your business. How To Compare ECS Vs. EKS Vs. Fargate To understand how EKS, ECS, and Fargate differ, consider how AWS’s container services are organized. AWS Registry services enable you to store and manage container images. Amazon Elastic Container Registry (ECR) is in this category. AWS Orchestration services let you manage where and when your containers run. The two services in this category are Amazon ECS and Amazon EKS.……

Continue reading

Kubernetes Secrets值验证

一、secrets创建 secrets创建方法常见的有三种: kubectl命令直接创建 kubectl命令从文件中获取 通过yaml文件创建 具体如下: 1# 方法1: 2$ kubectl create secret generic <secret-name> --from-literal=iamAdminPasswordKey=<password> --namespace <namespace> 3 4$ kubectl create secret generic cncc-iam-secret --from-literal=iamAdminPasswordKey=cncciampasswordvalue --namespace cncc 5$ kubectl describe secret cncc-iam-secret -n cncc 6 7# 方法2: 8echo -n 'admin' > ./username.txt 9echo -n '1f2d1e2e67df' > ./password.txt 10 11kubectl create secret generic db-user-pass \ 12 --from-file=./username.txt \ 13 --from-file=./password.txt 14 15# 方法3: 16echo -n 'admin'……

Continue reading

Latest articles



ACL AD AES AI AWS Ansible Atlassian Azure BMC Blockchain Brocade CDH5 CL210 Cobbler Confd C语言 DDOS DISTINCT DNS Duckdb EKS ELK GCP Ghost Git Glusterfs Go Godaddy Grafana HBA HCIE Hotspot HttpWatch IBM IIS IOS InfluxDB Ingress InnoDB JavaScript Jinja2 KVM Keepalived Mplayer MySQLdb Netlify OpenResty PM PostgreSQL QoS RH318 RH442 RHCA RHCE RHEV RSA SRE SecureCRT Statuscode SublimeText2 TC Telecom Tencentcloud VBA aira2 alpine android anpic apache apm apparmor appfog apr apt-get aria2 array atop audit awk awstats axel backdoor backup bamboo bash bat benchmark bigdata bin bind bitwise book bootstrap bsd c1000 cache capistrano catlog centos centos7 chatops chattr check_mk checkinstall cisco clearall clickhouse cloud-desktop cmdb cms collectd comm compress conver corosync cpu crontab crunchbang css curl date decode dell desktop devops df dhcp diff diskpart django docker dos2unix dpkg drupal etcd excel fail2ban fastcgi fdisk fiddler find firewalld flask flvtool ftp function fuser geek gin github gitlab glances golang google gooupadd graphviz gravatra grep grub2 hadoop haproxy hardware heartbeat helm hexdump hhvm history html http/html/web httplogs https huawei huaweicloud hugo icmp iconv ifconfig inotify iopp ipmitool iptables iredmail iscsi isito it-news java jdk jenkins jira join joomla k3s k8s kdump kernel kingate lamp last leetcode lib light-http linux linux高级篇 ln ls lsi lsof lvm lvs mac mail man mark markdown matplotlib maven memcached microservice mimikatz mkdocs mkpasswd mmonit mod_jk mongodb monit monitor mono moodle mosh mount mpm mrtg mtr my.cnf mysql mysqlbinlog mysqld_multi mysqldump mysqlhotcopy nagios nc nethogs nexus nfs nginx nmon nocatlog node.js nrpe ntfs ntop ntp obs ocr open-falcon openbox opencv openldap openssl openstack oracle oswatch paas pacemaker pam pandas parted pcp pcre pdf percona perl pexpect pgrep php php-fpm ping plsql develope postfix powershell prettify proc prometheus puppeteer pushd pwgen pxe pyecharts python python模块 radmin raid rdesktop read redhat redis redmine regex rh134 rhel7 rhel8 rm rman rootkit route rpm rpmforge rrdtool rsync rsyslog safe saltstack samba scapy screen sed selenium selinux seo seq session set shc sheepdog shell shopt sitemap skydns smokeping snffier snmp socket soft sort spider sql sqlserver squid ss ssh sshpass strace strings su sudo suse svn sysbench syslog-ng sysstat systemd t tar tcpcopy tcpdump tech telnet tengine test testlink threads time tmux tomcat touch tr tsar twisted ubuntu udev ulimit unix unixbench user-agent useradd varnish vbs vercel vi vim visudo vmstat vmware vnc voice vpn vscode vsftp vsftpd vue watchdog web webcam webistrano wget wiki windows wol wordpress workshop wsl x-windows xampp xcache xmllint xtrabackup yule yum zabbix zeromq zip zonetime zookeeper 下载工具 云主机 云原生 代理 加密 古意 吐槽 圈里圈外 娱乐 字符串函数 安全 平台架构 意林 推理 提权 故事汇 故障案例 数据结构 每日看点 民国史 生活 科学记录 站长管理工具 算法 管理 网站架构 翻墙 股票 行业 诗韵 负载均衡 远程管理 面试题