承接上文k8s自动化运维十三-国产麒麟操作系统安装minikube
基于麒麟系统做如下安装
安装docker-compose
# docker-compose-Linux-aarch64
sudo curl -L "https://github.com/docker/compose/releases/download/v2.2.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose安装nacos
# https://hub.docker.com/r/nacos/nacos-server
git clone --depth 1 https://github.com/nacos-group/nacos-docker.git
# 修改版本号 nacos/nacos-server:2.0.4-slim 支持arm64架构
# https://hub.docker.com/r/nacos/nacos-server/tags?page=1&ordering=name&name=2.0.4-slim
vim example/.env
NACOS_VERSION=2.0.4-slim
docker-compose -f example/standalone-derby.yaml up -d
查看启动情况 docker ps
安装docker mysql 8
# mysql/mysql-server 该镜像支持aarch64架构
docker run --name mysql -e MYSQL_ROOT_PASSWORD=testDB! -v "/data/nfs-client/mysql/my.cnf":"/etc/mysql/my.cnf" -v "/data/nfs-client/mysql/data":/var/lib/mysql --restart=always -p 3306:3306 -d mysql/mysql-server
cat /data/nfs-client/mysql/my.cnf
[mysqld]
# 表名不区分大小写 mysql8及以上仅支持初始化的时候配置,不支持启动好之后再更改,否则会报 ERROR] [MY-011087] [Server] Different lower_case_table_names settings for server ('1') and data dictionary ('0').
lower-case-table-names=1
# mysql:5.7 支持x86-64,不支持arm64
docker run --name mysql -e MYSQL_ROOT_PASSWORD=testDB! -v "/data/nfs-client/mysql/data":/var/lib/mysql -v "/data/nfs-client/mysql/conf.d":/etc/mysql/conf.d -v "/data/nfs-client/mysql/mysql.conf.d":/etc/mysql/mysql.conf.d --restart=always -p 3306:3306 -d mysql:5.7
cat /data/nfs-client/mysql/mysql.conf.d/galaxy.cnf
[mysqld]
lower_case_table_names=1
max_connections = 1000
max_allowed_packet=50M
wait_timeout=288000
interactive_timeout = 288000
mysql不允许连接异常
java.sql.SQLException: null, message from server: "Host '172.18.0.1' is not allowed to connect to this MySQL server"
# 登录数据库实例
mysql -u root -p
use mysql;
select host from user where user='root';
update user set host = '%' where user ='root';
flush privileges;
MySQL 8: Public Key Retrieval is not allowed
Caused by: com.mysql.cj.exceptions.UnableToConnectException: Public Key Retrieval is not allowed
数据库url中添加allowPublicKeyRetrieval=true&useSSL=false
# 完整url
jdbc:mysql://192.168.49.1:3306/xibaoxiao-galaxy?serverTimezone=Asia/Shanghai&characterEncoding=utf8&allowPublicKeyRetrieval=true&useSSL=false&zeroDateTimeBehavior=convertToNull
清理磁盘空间
- 查看大目录
du -sh /* |sort -rn | head
- 进入大目录查看大文件
cd /var/lib
# 查看当前目录下大于100M的文件
find . -type f -size +100M -print0 | xargs -0 du -h | sort -nr
# 如果是日志文件
cat /dev/null > xxxx.log
- 删除无用的docker镜像
docker image rm $(docker image ls | grep "<none>" | awk -F " " '{print $3}')
# grep 筛选指定的镜像
# awk -F " " 以空格为分隔符 切分 获取镜像id值
打通k8s service与pod之间的网络
- 创建一个service
cat gateway.yaml
apiVersion: v1
kind: Service
metadata:
labels:
app: xibao-gateway
name: xibao-gateway
namespace: xibao
spec:
ports:
- name: 2pdycx1111
nodePort: 30002
port: 8092
protocol: TCP
targetPort: 8092
selector:
app: xibao-gateway
sessionAffinity: None
type: NodePort
status:
loadBalancer: {}
- 访问service的端口转发到pod内的进程上去
# service名称比如nginx-service,service的端口30084,对应pod内nginx服务中9000进程
kubectl port-forward --address 0.0.0.0 service/nginx-service 30084:9000
k8s下载镜像报错
connect: no route to host
minikube的ip是192.168.49.2,与172.17.28.172不是同一网段,镜像换成192.148.49.1:5000/xxxxx就可以了。
k8s访问docker registry 安全限制问题
# 启动minikube的时候,添加insecure-registry,允许k8s http协议访问192.168.49.1:5000
minikube start --driver=docker --image-mirror-country=cn --registry-mirror=https://kaakiyao.mirror.aliyuncs.com --insecure-registry=192.168.49.1:5000
查询git每天指定时间段内的提交记录
# 查询下午18点或早上9点之前代码提交记录 (获取每次提交记录中的小时,判断是否在指定范围内)
git log --author="mengfanxiao" --pretty=format:'%h %cn %cd %s' --date='format:%Y-%m-%d %H:%M:%S' | \
awk '{hour=0+substr($4,0,2); if(hour>18 || hour<9) printf "%-10s %-15s %-12s %-10s %-10s\n", $1, $2, $3, $4, $5 }'
# 指定日期范围
git log --committer="mengfanxiao" --after="2019/09/15 18:00:00" --before="2022/09/15 09:30:00" --pretty=format:"%an %ad : %s" --date=short --no-merges --reverse
gitlab-runner
# 支持aarch64架构的二进制可执行文件
# 使用root权限,否则可能监听不到gitlab提交的job
sudo curl -L --output /usr/local/bin/gitlab-runner "https://gitlab-runner-downloads.s3.amazonaws.com/latest/binaries/gitlab-runner-linux-arm64"
通过域名访问gitlab代码库下载代码慢的问题
可以手动将代码zip下载下来,然后上传到服务器的/usr/local/bin/builds/wEhaMhYg/0/galaxy/目录下。