k8s自动化运维十四

·  阅读 44

承接上文k8s自动化运维十三-国产麒麟操作系统安装minikube

基于麒麟系统做如下安装

安装docker-compose

# docker-compose-Linux-aarch64

sudo curl -L "https://github.com/docker/compose/releases/download/v2.2.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

sudo chmod +x /usr/local/bin/docker-compose
复制代码

docker-compose安装nacos

# https://hub.docker.com/r/nacos/nacos-server

git clone --depth 1 https://github.com/nacos-group/nacos-docker.git

# 修改版本号 nacos/nacos-server:2.0.4-slim 支持arm64架构

# https://hub.docker.com/r/nacos/nacos-server/tags?page=1&ordering=name&name=2.0.4-slim

vim example/.env

NACOS_VERSION=2.0.4-slim

docker-compose -f example/standalone-derby.yaml up -d
复制代码

image.png

查看启动情况 docker ps

image.png

安装docker mysql 8

# mysql/mysql-server 该镜像支持aarch64架构

docker run --name mysql -e MYSQL_ROOT_PASSWORD=testDB! -v "/data/nfs-client/mysql/my.cnf":"/etc/mysql/my.cnf" -v "/data/nfs-client/mysql/data":/var/lib/mysql --restart=always -p 3306:3306 -d mysql/mysql-server

cat /data/nfs-client/mysql/my.cnf
[mysqld]

# 表名不区分大小写 mysql8及以上仅支持初始化的时候配置,不支持启动好之后再更改,否则会报 ERROR] [MY-011087] [Server] Different lower_case_table_names settings for server ('1') and data dictionary ('0').

lower-case-table-names=1


# mysql:5.7 支持x86-64,不支持arm64

docker run --name mysql -e MYSQL_ROOT_PASSWORD=testDB! -v "/data/nfs-client/mysql/data":/var/lib/mysql -v "/data/nfs-client/mysql/conf.d":/etc/mysql/conf.d -v "/data/nfs-client/mysql/mysql.conf.d":/etc/mysql/mysql.conf.d --restart=always -p 3306:3306 -d mysql:5.7

cat /data/nfs-client/mysql/mysql.conf.d/galaxy.cnf 

[mysqld]
lower_case_table_names=1
max_connections = 1000
max_allowed_packet=50M
wait_timeout=288000
interactive_timeout = 288000
复制代码

mysql不允许连接异常

java.sql.SQLException: null,  message from server: "Host '172.18.0.1' is not allowed to connect to this MySQL server"

# 登录数据库实例

mysql -u root -p

use mysql;

select host from user where user='root';

update user set host = '%' where user ='root';

flush privileges;
复制代码

MySQL 8: Public Key Retrieval is not allowed

Caused by: com.mysql.cj.exceptions.UnableToConnectException: Public Key Retrieval is not allowed

数据库url中添加allowPublicKeyRetrieval=true&useSSL=false

# 完整url

jdbc:mysql://192.168.49.1:3306/xibaoxiao-galaxy?serverTimezone=Asia/Shanghai&characterEncoding=utf8&allowPublicKeyRetrieval=true&useSSL=false&zeroDateTimeBehavior=convertToNull
复制代码

清理磁盘空间

  • 查看大目录
du -sh /* |sort -rn | head
复制代码

image.png

  • 进入大目录查看大文件
cd /var/lib

# 查看当前目录下大于100M的文件

find . -type f -size +100M -print0 | xargs -0 du -h | sort -nr

# 如果是日志文件

cat /dev/null > xxxx.log
复制代码
  • 删除无用的docker镜像
docker image rm $(docker image ls  | grep "<none>" | awk -F " " '{print $3}')

# grep 筛选指定的镜像

# awk -F " " 以空格为分隔符 切分 获取镜像id值
复制代码

打通k8s service与pod之间的网络

  • 创建一个service
cat gateway.yaml 

apiVersion: v1
kind: Service
metadata:
  labels:
    app: xibao-gateway
  name: xibao-gateway
  namespace: xibao
spec:
  ports:
    - name: 2pdycx1111
      nodePort: 30002
      port: 8092
      protocol: TCP
      targetPort: 8092
  selector:
    app: xibao-gateway
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}
复制代码
  • 访问service的端口转发到pod内的进程上去
# service名称比如nginx-service,service的端口30084,对应pod内nginx服务中9000进程

kubectl port-forward --address 0.0.0.0 service/nginx-service 30084:9000
复制代码

image.png

k8s下载镜像报错

connect: no route to host

image.png

image.png

minikube的ip是192.168.49.2,与172.17.28.172不是同一网段,镜像换成192.148.49.1:5000/xxxxx就可以了。

k8s访问docker registry 安全限制问题

image.png

# 启动minikube的时候,添加insecure-registry,允许k8s http协议访问192.168.49.1:5000

minikube start --driver=docker --image-mirror-country=cn --registry-mirror=https://kaakiyao.mirror.aliyuncs.com --insecure-registry=192.168.49.1:5000
复制代码

查询git每天指定时间段内的提交记录

# 查询下午18点或早上9点之前代码提交记录 (获取每次提交记录中的小时,判断是否在指定范围内)

git log --author="mengfanxiao" --pretty=format:'%h %cn %cd %s' --date='format:%Y-%m-%d %H:%M:%S' | \
awk '{hour=0+substr($4,0,2); if(hour>18 || hour<9) printf "%-10s %-15s %-12s %-10s %-10s\n", $1, $2, $3, $4, $5 }'


# 指定日期范围

git log --committer="mengfanxiao" --after="2019/09/15 18:00:00" --before="2022/09/15 09:30:00" --pretty=format:"%an %ad : %s" --date=short --no-merges --reverse
复制代码

gitlab-runner

# 支持aarch64架构的二进制可执行文件

# 使用root权限,否则可能监听不到gitlab提交的job

sudo curl -L --output /usr/local/bin/gitlab-runner "https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-arm64"
复制代码

通过域名访问gitlab代码库下载代码慢的问题

image.png

可以手动将代码zip下载下来,然后上传到服务器的/usr/local/bin/builds/wEhaMhYg/0/galaxy/目录下。

分类:
后端
标签:
收藏成功!
已添加到「」, 点击更改