Author: chenby (199 articles written, 124 comments received)
Found 199 articles in the category "Default category" (默认分类)
2022-04-21
Installing ingress V1.1.3 on k8s (Kubernetes)

Introduction

Ingress exposes HTTP and HTTPS routes from outside the cluster to Services inside the cluster. Traffic routing is controlled by rules defined on the Ingress resource. Below is a simple Ingress example that sends all traffic to the same Service:

Write the configuration file and apply it

    [root@hello ~/yaml]# vim deploy.yaml
    [root@hello ~/yaml]# cat deploy.yaml
    apiVersion: v1
    kind: Namespace
    metadata:
      name: ingress-nginx
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
    ---
    # Source: ingress-nginx/templates/controller-serviceaccount.yaml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx
      namespace: ingress-nginx
    automountServiceAccountToken: true
    ---
    # Source: ingress-nginx/templates/controller-configmap.yaml
    apiVersion: v1
    kind: ConfigMap
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx-controller
      namespace: ingress-nginx
    data:
      # 'true' lets anyone who can create Ingress objects inject raw NGINX
      # configuration through snippet annotations; set to 'false' if unused
      allow-snippet-annotations: 'true'
    ---
    # Source: ingress-nginx/templates/clusterrole.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
      name: ingress-nginx
    rules:
      - apiGroups:
          - ''
        resources:
          - configmaps
          - endpoints
          - nodes
          - pods
          - secrets
          - namespaces
        verbs:
          - list
          - watch
      - apiGroups:
          - ''
        resources:
          - nodes
        verbs:
          - get
      - apiGroups:
          - ''
        resources:
          - services
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - networking.k8s.io
        resources:
          - ingresses
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - ''
        resources:
          - events
        verbs:
          - create
          - patch
      - apiGroups:
          - networking.k8s.io
        resources:
          - ingresses/status
        verbs:
          - update
      - apiGroups:
          - networking.k8s.io
        resources:
          - ingressclasses
        verbs:
          - get
          - list
          - watch
    ---
    # Source: ingress-nginx/templates/clusterrolebinding.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
      name: ingress-nginx
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: ingress-nginx
    subjects:
      - kind: ServiceAccount
        name: ingress-nginx
        namespace: ingress-nginx
    ---
    # Source: ingress-nginx/templates/controller-role.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx
      namespace: ingress-nginx
    rules:
      - apiGroups:
          - ''
        resources:
          - namespaces
        verbs:
          - get
      - apiGroups:
          - ''
        resources:
          - configmaps
          - pods
          - secrets
          - endpoints
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - ''
        resources:
          - services
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - networking.k8s.io
        resources:
          - ingresses
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - networking.k8s.io
        resources:
          - ingresses/status
        verbs:
          - update
      - apiGroups:
          - networking.k8s.io
        resources:
          - ingressclasses
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - ''
        resources:
          - configmaps
        resourceNames:
          - ingress-controller-leader
        verbs:
          - get
          - update
      - apiGroups:
          - ''
        resources:
          - configmaps
        verbs:
          - create
      - apiGroups:
          - ''
        resources:
          - events
        verbs:
          - create
          - patch
    ---
    # Source: ingress-nginx/templates/controller-rolebinding.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx
      namespace: ingress-nginx
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: ingress-nginx
    subjects:
      - kind: ServiceAccount
        name: ingress-nginx
        namespace: ingress-nginx
    ---
    # Source: ingress-nginx/templates/controller-service-webhook.yaml
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx-controller-admission
      namespace: ingress-nginx
    spec:
      type: ClusterIP
      ports:
        - name: https-webhook
          port: 443
          targetPort: webhook
          appProtocol: https
      selector:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/component: controller
    ---
    # Source: ingress-nginx/templates/controller-service.yaml
    apiVersion: v1
    kind: Service
    metadata:
      annotations:
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx-controller
      namespace: ingress-nginx
    spec:
      type: NodePort
      externalTrafficPolicy: Local
      ipFamilyPolicy: SingleStack
      ipFamilies:
        - IPv4
      ports:
        - name: http
          port: 80
          protocol: TCP
          targetPort: http
          appProtocol: http
        - name: https
          port: 443
          protocol: TCP
          targetPort: https
          appProtocol: https
      selector:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/component: controller
    ---
    # Source: ingress-nginx/templates/controller-deployment.yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: ingress-nginx-controller
      namespace: ingress-nginx
    spec:
      selector:
        matchLabels:
          app.kubernetes.io/name: ingress-nginx
          app.kubernetes.io/instance: ingress-nginx
          app.kubernetes.io/component: controller
      revisionHistoryLimit: 10
      minReadySeconds: 0
      template:
        metadata:
          labels:
            app.kubernetes.io/name: ingress-nginx
            app.kubernetes.io/instance: ingress-nginx
            app.kubernetes.io/component: controller
        spec:
          dnsPolicy: ClusterFirst
          containers:
            - name: controller
              image: registry.cn-hangzhou.aliyuncs.com/chenby/controller:v1.1.3
              imagePullPolicy: IfNotPresent
              lifecycle:
                preStop:
                  exec:
                    command:
                      - /wait-shutdown
              args:
                - /nginx-ingress-controller
                - --election-id=ingress-controller-leader
                - --controller-class=k8s.io/ingress-nginx
                - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
                - --validating-webhook=:8443
                - --validating-webhook-certificate=/usr/local/certificates/cert
                - --validating-webhook-key=/usr/local/certificates/key
              securityContext:
                capabilities:
                  drop:
                    - ALL
                  add:
                    - NET_BIND_SERVICE
                runAsUser: 101
                allowPrivilegeEscalation: true
              env:
                - name: POD_NAME
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.name
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.namespace
                - name: LD_PRELOAD
                  value: /usr/local/lib/libmimalloc.so
              livenessProbe:
                failureThreshold: 5
                httpGet:
                  path: /healthz
                  port: 10254
                  scheme: HTTP
                initialDelaySeconds: 10
                periodSeconds: 10
                successThreshold: 1
                timeoutSeconds: 1
              readinessProbe:
                failureThreshold: 3
                httpGet:
                  path: /healthz
                  port: 10254
                  scheme: HTTP
                initialDelaySeconds: 10
                periodSeconds: 10
                successThreshold: 1
                timeoutSeconds: 1
              ports:
                - name: http
                  containerPort: 80
                  protocol: TCP
                - name: https
                  containerPort: 443
                  protocol: TCP
                - name: webhook
                  containerPort: 8443
                  protocol: TCP
              volumeMounts:
                - name: webhook-cert
                  mountPath: /usr/local/certificates/
                  readOnly: true
              resources:
                requests:
                  cpu: 100m
                  memory: 90Mi
          nodeSelector:
            kubernetes.io/os: linux
          serviceAccountName: ingress-nginx
          terminationGracePeriodSeconds: 300
          volumes:
            - name: webhook-cert
              secret:
                secretName: ingress-nginx-admission
    ---
    # Source: ingress-nginx/templates/controller-ingressclass.yaml
    # We don't support namespaced ingressClass yet
    # So a ClusterRole and a ClusterRoleBinding is required
    apiVersion: networking.k8s.io/v1
    kind: IngressClass
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: controller
      name: nginx
      namespace: ingress-nginx
    spec:
      controller: k8s.io/ingress-nginx
    ---
    # Source: ingress-nginx/templates/admission-webhooks/validating-webhook.yaml
    # before changing this value, check the required kubernetes version
    # https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#prerequisites
    apiVersion: admissionregistration.k8s.io/v1
    kind: ValidatingWebhookConfiguration
    metadata:
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
      name: ingress-nginx-admission
    webhooks:
      - name: validate.nginx.ingress.kubernetes.io
        matchPolicy: Equivalent
        rules:
          - apiGroups:
              - networking.k8s.io
            apiVersions:
              - v1
            operations:
              - CREATE
              - UPDATE
            resources:
              - ingresses
        failurePolicy: Fail
        sideEffects: None
        admissionReviewVersions:
          - v1
        clientConfig:
          service:
            namespace: ingress-nginx
            name: ingress-nginx-controller-admission
            path: /networking/v1/ingresses
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/serviceaccount.yaml
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: ingress-nginx-admission
      namespace: ingress-nginx
      annotations:
        helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrole.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      name: ingress-nginx-admission
      annotations:
        helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    rules:
      - apiGroups:
          - admissionregistration.k8s.io
        resources:
          - validatingwebhookconfigurations
        verbs:
          - get
          - update
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/clusterrolebinding.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: ingress-nginx-admission
      annotations:
        helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: ingress-nginx-admission
    subjects:
      - kind: ServiceAccount
        name: ingress-nginx-admission
        namespace: ingress-nginx
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/role.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: Role
    metadata:
      name: ingress-nginx-admission
      namespace: ingress-nginx
      annotations:
        helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    rules:
      - apiGroups:
          - ''
        resources:
          - secrets
        verbs:
          - get
          - create
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/rolebinding.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      name: ingress-nginx-admission
      namespace: ingress-nginx
      annotations:
        helm.sh/hook: pre-install,pre-upgrade,post-install,post-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: ingress-nginx-admission
    subjects:
      - kind: ServiceAccount
        name: ingress-nginx-admission
        namespace: ingress-nginx
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-createSecret.yaml
    apiVersion: batch/v1
    kind: Job
    metadata:
      name: ingress-nginx-admission-create
      namespace: ingress-nginx
      annotations:
        helm.sh/hook: pre-install,pre-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    spec:
      template:
        metadata:
          name: ingress-nginx-admission-create
          labels:
            helm.sh/chart: ingress-nginx-4.0.10
            app.kubernetes.io/name: ingress-nginx
            app.kubernetes.io/instance: ingress-nginx
            app.kubernetes.io/version: 1.1.0
            app.kubernetes.io/managed-by: Helm
            app.kubernetes.io/component: admission-webhook
        spec:
          containers:
            - name: create
              image: registry.cn-hangzhou.aliyuncs.com/chenby/kube-webhook-certgen:v1.1.1
              imagePullPolicy: IfNotPresent
              args:
                - create
                - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
                - --namespace=$(POD_NAMESPACE)
                - --secret-name=ingress-nginx-admission
              env:
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.namespace
              securityContext:
                allowPrivilegeEscalation: false
          restartPolicy: OnFailure
          serviceAccountName: ingress-nginx-admission
          nodeSelector:
            kubernetes.io/os: linux
          securityContext:
            runAsNonRoot: true
            runAsUser: 2000
    ---
    # Source: ingress-nginx/templates/admission-webhooks/job-patch/job-patchWebhook.yaml
    apiVersion: batch/v1
    kind: Job
    metadata:
      name: ingress-nginx-admission-patch
      namespace: ingress-nginx
      annotations:
        helm.sh/hook: post-install,post-upgrade
        helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
      labels:
        helm.sh/chart: ingress-nginx-4.0.10
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/version: 1.1.0
        app.kubernetes.io/managed-by: Helm
        app.kubernetes.io/component: admission-webhook
    spec:
      template:
        metadata:
          name: ingress-nginx-admission-patch
          labels:
            helm.sh/chart: ingress-nginx-4.0.10
            app.kubernetes.io/name: ingress-nginx
            app.kubernetes.io/instance: ingress-nginx
            app.kubernetes.io/version: 1.1.0
            app.kubernetes.io/managed-by: Helm
            app.kubernetes.io/component: admission-webhook
        spec:
          containers:
            - name: patch
              image: registry.cn-hangzhou.aliyuncs.com/chenby/kube-webhook-certgen:v1.1.1
              imagePullPolicy: IfNotPresent
              args:
                - patch
                - --webhook-name=ingress-nginx-admission
                - --namespace=$(POD_NAMESPACE)
                - --patch-mutating=false
                - --secret-name=ingress-nginx-admission
                - --patch-failure-policy=Fail
              env:
                - name: POD_NAMESPACE
                  valueFrom:
                    fieldRef:
                      fieldPath: metadata.namespace
              securityContext:
                allowPrivilegeEscalation: false
          restartPolicy: OnFailure
          serviceAccountName: ingress-nginx-admission
          nodeSelector:
            kubernetes.io/os: linux
          securityContext:
            runAsNonRoot: true
            runAsUser: 2000
    [root@hello ~/yaml]#

Enable the default backend: write the configuration file and apply it

    [root@hello ~/yaml]# vim backend.yaml
    [root@hello ~/yaml]# cat backend.yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: default-http-backend
      labels:
        app.kubernetes.io/name: default-http-backend
      namespace: kube-system
    spec:
      replicas: 1
      selector:
        matchLabels:
          app.kubernetes.io/name: default-http-backend
      template:
        metadata:
          labels:
            app.kubernetes.io/name: default-http-backend
        spec:
          terminationGracePeriodSeconds: 60
          containers:
            - name: default-http-backend
              image: registry.cn-hangzhou.aliyuncs.com/chenby/defaultbackend-amd64:1.5
              livenessProbe:
                httpGet:
                  path: /healthz
                  port: 8080
                  scheme: HTTP
                initialDelaySeconds: 30
                timeoutSeconds: 5
              ports:
                - containerPort: 8080
              resources:
                limits:
                  cpu: 10m
                  memory: 20Mi
                requests:
                  cpu: 10m
                  memory: 20Mi
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: default-http-backend
      namespace: kube-system
      labels:
        app.kubernetes.io/name: default-http-backend
    spec:
      ports:
        - port: 80
          targetPort: 8080
      selector:
        app.kubernetes.io/name: default-http-backend
    [root@hello ~/yaml]#

Install the test application

    [root@hello ~/yaml]# vim ingress-demo-app.yaml
    [root@hello ~/yaml]# cat ingress-demo-app.yaml
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: hello-server
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: hello-server
      template:
        metadata:
          labels:
            app: hello-server
        spec:
          containers:
            - name: hello-server
              image: registry.cn-hangzhou.aliyuncs.com/lfy_k8s_images/hello-server
              ports:
                - containerPort: 9000
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      labels:
        app: nginx-demo
      name: nginx-demo
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: nginx-demo
      template:
        metadata:
          labels:
            app: nginx-demo
        spec:
          containers:
            - image: nginx
              name: nginx
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: nginx-demo
      name: nginx-demo
    spec:
      selector:
        app: nginx-demo
      ports:
        - port: 8000
          protocol: TCP
          targetPort: 80
    ---
    apiVersion: v1
    kind: Service
    metadata:
      labels:
        app: hello-server
      name: hello-server
    spec:
      selector:
        app: hello-server
      ports:
        - port: 8000
          protocol: TCP
          targetPort: 9000
    ---
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: ingress-host-bar
    spec:
      ingressClassName: nginx
      rules:
        - host: "hello.chenby.cn"
          http:
            paths:
              - pathType: Prefix
                path: "/"
                backend:
                  service:
                    name: hello-server
                    port:
                      number: 8000
        - host: "demo.chenby.cn"
          http:
            paths:
              - pathType: Prefix
                path: "/nginx"
                backend:
                  service:
                    name: nginx-demo
                    port:
                      number: 8000
    [root@hello ~/yaml]#
    [root@hello ~/yaml]# kubectl get ingress
    NAME               CLASS    HOSTS                            ADDRESS        PORTS   AGE
    ingress-demo-app   <none>   app.demo.com                     192.168.1.11   80      20m
    ingress-host-bar   nginx    hello.chenby.cn,demo.chenby.cn   192.168.1.11   80      2m17s
    [root@hello ~/yaml]#

Apply the deployment

    root@hello:~# kubectl apply -f deploy.yaml
    namespace/ingress-nginx created
    serviceaccount/ingress-nginx created
    configmap/ingress-nginx-controller created
    clusterrole.rbac.authorization.k8s.io/ingress-nginx created
    clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx created
    role.rbac.authorization.k8s.io/ingress-nginx created
    rolebinding.rbac.authorization.k8s.io/ingress-nginx created
    service/ingress-nginx-controller-admission created
    service/ingress-nginx-controller created
    deployment.apps/ingress-nginx-controller created
    ingressclass.networking.k8s.io/nginx created
    validatingwebhookconfiguration.admissionregistration.k8s.io/ingress-nginx-admission created
    serviceaccount/ingress-nginx-admission created
    clusterrole.rbac.authorization.k8s.io/ingress-nginx-admission created
    clusterrolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
    role.rbac.authorization.k8s.io/ingress-nginx-admission created
    rolebinding.rbac.authorization.k8s.io/ingress-nginx-admission created
    job.batch/ingress-nginx-admission-create created
    job.batch/ingress-nginx-admission-patch created
    root@hello:~#
    root@hello:~# kubectl apply -f backend.yaml
    deployment.apps/default-http-backend created
    service/default-http-backend created
    root@hello:~#
    root@hello:~# kubectl apply -f ingress-demo-app.yaml
    deployment.apps/hello-server created
    deployment.apps/nginx-demo created
    service/nginx-demo created
    service/hello-server created
    ingress.networking.k8s.io/ingress-host-bar created
    root@hello:~#

Filter the Services to find the ingress ports

    [root@hello ~/yaml]# kubectl get svc -A | grep ingress
    default         ingress-demo-app                     ClusterIP   10.68.231.41   <none>   80/TCP                       51m
    ingress-nginx   ingress-nginx-controller             NodePort    10.68.93.71    <none>   80:32746/TCP,443:30538/TCP   32m
    ingress-nginx   ingress-nginx-controller-admission   ClusterIP   10.68.146.23   <none>   443/TCP                      32m
    [root@hello ~/yaml]#

https://www.oiox.cn/
https://www.chenby.cn/
https://cby-chen.github.io/
https://blog.csdn.net/qq_33921750
https://my.oschina.net/u/3981543
https://www.zhihu.com/people/chen-bu-yun-2
https://segmentfault.com/u/hppyvyv6/articles
https://juejin.cn/user/3315782802482007
https://cloud.tencent.com/developer/column/93230
https://www.jianshu.com/u/0f894314ae2c
https://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/

Search for 《小陈运维》 on CSDN, GitHub, Zhihu, OSChina, SegmentFault, Juejin, Jianshu, Tencent Cloud, Toutiao, the personal blog, or anywhere on the web. This article was synced using 文章同步助手.
2022-04-20
How to install Netdata on Kubernetes

Introduction

Netdata can be used to monitor a Kubernetes cluster and display information about it, including node memory usage, CPU, network, and more. Put simply, the Netdata dashboard gives you a comprehensive view of your Kubernetes cluster, including the services and Pods running on each node.

Install Helm

    root@hello:~# curl https://baltocdn.com/helm/signing.asc | sudo apt-key add -
    root@hello:~# sudo apt-get install apt-transport-https --yes
    root@hello:~# echo "deb https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list
    root@hello:~# sudo apt-get update
    root@hello:~# sudo apt-get install helm

Add the repository and install

    root@hello:~# helm repo add netdata https://netdata.github.io/helmchart/
    "netdata" has been added to your repositories
    root@hello:~# helm install netdata netdata/netdata
    W0420 09:20:51.993046 1306427 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
    W0420 09:20:52.298158 1306427 warnings.go:70] policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
    NAME: netdata
    LAST DEPLOYED: Wed Apr 20 09:20:50 2022
    NAMESPACE: default
    STATUS: deployed
    REVISION: 1
    TEST SUITE: None
    NOTES:
    1. netdata will be available on http://netdata.k8s.local/, on the exposed port of your ingress controller
       In a production environment, you
       You can get that port via `kubectl get services`. e.g. in the following example, the http exposed port is 31737, the https one is 30069.
       The hostname netdata.k8s.local will need to be added to /etc/hosts, so that it resolves to the exposed IP. That IP depends on how your cluster is set up:
          - When no load balancer is available (e.g. with minikube), you get the IP shown on `kubectl cluster-info`
          - In a production environment, the command `kubectl get services` will show the IP under the EXTERNAL-IP column
       The port can be retrieved in both cases from `kubectl get services`
    NAME                                    TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                      AGE
    exiled-tapir-nginx-ingress-controller   LoadBalancer   10.98.132.169   <pending>     80:31737/TCP,443:30069/TCP   11h
    root@hello:~# helm list
    NAME      NAMESPACE   REVISION   UPDATED                                   STATUS     CHART            APP VERSION
    netdata   default     1          2022-04-20 09:20:50.947921117 +0800 CST   deployed   netdata-3.7.15   v1.33.1

Check the Pods

    root@hello:~# kubectl get pod
    NAME                              READY   STATUS    RESTARTS   AGE
    netdata-child-2h65n               2/2     Running   0          77s
    netdata-child-dfv82               2/2     Running   0          77s
    netdata-child-h6fw6               2/2     Running   0          77s
    netdata-child-lc9fd               2/2     Running   0          77s
    netdata-child-nh566               2/2     Running   0          77s
    netdata-child-ns2p2               2/2     Running   0          77s
    netdata-child-v74x5               2/2     Running   0          77s
    netdata-child-xjlrv               2/2     Running   0          77s
    netdata-parent-57bf6bf47d-vc6fq   1/1     Running   0          77s

Add a Service so the dashboard can be reached from outside the cluster

    root@hello:~# kubectl get svc
    NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)     AGE
    kubernetes   ClusterIP   10.96.0.1        <none>        443/TCP     18d
    netdata      ClusterIP   10.102.160.106   <none>        19999/TCP   3m39s
    root@hello:~# kubectl expose deployment netdata-parent --type="NodePort" --port 19999
    service/netdata-parent exposed
    root@hello:~# kubectl get svc
    NAME             TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)           AGE
    kubernetes       ClusterIP   10.96.0.1        <none>        443/TCP           18d
    netdata          ClusterIP   10.102.160.106   <none>        19999/TCP         3m43s
    netdata-parent   NodePort    10.100.122.173   <none>        19999:30518/TCP   2s
    root@hello:~#

Open the Netdata dashboard in a browser at http://<yourmaster-IP>:30518. Click an entry on the left to view the details of each individual machine.
2022-04-19
Pushing Kubernetes images to Alibaba Cloud via GitHub

Background

When installing Kubernetes, the image registries are sometimes unreachable. Once the Kubernetes images have been pushed to Alibaba Cloud via GitHub, the required images can be referenced by their Alibaba Cloud address. More than 5,000 images have been synced so far, and syncing is still in progress.

Repository

A GitHub Action runs a script automatically every day to sync the images to Alibaba Cloud.

Code repository: https://github.com/cby-chen/sys_images

Study it yourself if you need it; later updates will be made in the repository.

The following image repositories are currently synced, and more will be added over time:

    docker.elastic.co:
      - elasticsearch/elasticsearch
      - kibana/kibana
      - logstash/logstash
      - beats/filebeat
      - beats/heartbeat
      - beats/packetbeat
      - beats/auditbeat
      - beats/journalbeat
      - beats/metricbeat
      - apm/apm-server
      - app-search/app-search
    quay.io:
      - coreos/flannel
      - ceph/ceph
      - cephcsi/cephcsi
      - csiaddons/k8s-sidecar
      - csiaddons/volumereplication-operator
      - prometheus/prometheus
      - prometheus/alertmanager
      - prometheus/pushgateway
      - prometheus/blackbox-exporter
      - prometheus/node-exporter
      - prometheus-operator/prometheus-config-reloader
      - prometheus-operator/prometheus-operator
      - brancz/kube-rbac-proxy
    k8s.gcr.io:
      - etcd
      - kube-proxy
      - kube-apiserver
      - kube-scheduler
      - kube-controller-manager
      - coredns/coredns
      - dns/k8s-dns-node-cache
      - metrics-server/metrics-server
      - ingress-nginx/controller
      - ingress-nginx/kube-webhook-certgen
      - kube-state-metrics/kube-state-metrics
      - prometheus-adapter/prometheus-adapter
      - sig-storage/nfs-subdir-external-provisioner
      - sig-storage/csi-node-driver-registrar
      - sig-storage/csi-provisioner
      - sig-storage/csi-resizer
      - sig-storage/csi-snapshotter
      - sig-storage/csi-attacher
    gcr.io:
      - kaniko-project/executor

Usage

    docker.elastic.co/kibana/{image_name} ==> registry.cn-hangzhou.aliyuncs.com/chenby/{image_name}
    quay.io/csiaddons/{image_name} ==> registry.cn-hangzhou.aliyuncs.com/chenby/{image_name}
    k8s.gcr.io/{image_name} ==> registry.cn-hangzhou.aliyuncs.com/chenby/{image_name}
    ....

Pull an image

    docker pull registry.cn-hangzhou.aliyuncs.com/chenby/kube-scheduler:[image version]
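The following added example is not code from the original post or from the sys_images repository. It applies the mapping rule shown under "Usage" and audits the `image:` lines of a manifest for references that are not pinned by digest, carry a floating tag, or come from a registry outside an allow-list. The allow-list (the upstream registries named in the post), the function names, the sample manifest and the all-zero digest are assumptions constructed for illustration.

```python
import re

# Mirror prefix taken from the post's "Usage" section.
MIRROR = "registry.cn-hangzhou.aliyuncs.com/chenby"
# Assumption: treat only the upstream registries named in the post as trusted.
TRUSTED = ("k8s.gcr.io", "quay.io", "docker.elastic.co", "gcr.io")

# Constructed placeholder digest (not a real image digest).
PINNED = "k8s.gcr.io/ingress-nginx/controller:v1.1.3@sha256:" + "0" * 64

# Constructed sample: image lines of the kind used in the manifests in these posts.
SAMPLE_MANIFEST = f"""
containers:
  - name: controller
    image: registry.cn-hangzhou.aliyuncs.com/chenby/controller:v1.1.3
    imagePullPolicy: IfNotPresent
  - name: create
    image: registry.cn-hangzhou.aliyuncs.com/chenby/kube-webhook-certgen:v1.1.1
  - image: nginx
    name: nginx
  - name: pinned
    image: {PINNED}
"""

IMAGE_LINE = re.compile(r"^\s*(?:-\s+)?image:\s*['\"]?([^'\"\s#]+)", re.M)


def parse_ref(ref):
    """Split an image reference into registry, repository path, tag and digest."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    first, _, rest = ref.partition("/")
    # The first component is a registry only if it looks like a host name.
    if rest and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", ref  # Docker's implicit default registry
    tag = None
    if ":" in path.rsplit("/", 1)[-1]:
        path, tag = path.rsplit(":", 1)
    return {"registry": registry, "path": path, "tag": tag, "digest": digest}


def to_mirror(upstream):
    """Apply the post's rule: only the final image name (and tag) is kept."""
    r = parse_ref(upstream)
    name = r["path"].rsplit("/", 1)[-1]
    return f"{MIRROR}/{name}" + (f":{r['tag']}" if r["tag"] else "")


def audit_manifest(text, trusted=TRUSTED):
    """Return [(image_ref, [issues])] for every distinct image in the manifest."""
    report = []
    for ref in dict.fromkeys(IMAGE_LINE.findall(text)):  # de-duplicate, keep order
        r = parse_ref(ref)
        issues = []
        if r["digest"] is None:
            issues.append("not pinned by digest")
            if r["tag"] in (None, "latest"):
                issues.append("floating tag")
        if r["registry"] not in trusted:
            issues.append("registry not in allow-list")
        report.append((ref, issues))
    return report


if __name__ == "__main__":
    print(to_mirror("k8s.gcr.io/ingress-nginx/controller:v1.1.3"))
    for ref, issues in audit_manifest(SAMPLE_MANIFEST):
        print(ref, "->", ", ".join(issues) or "ok")
```

Because the mirror name drops the upstream namespace, `to_mirror` also tells you which upstream repository to compare a mirrored image's digest against before pinning it.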
2022-04-15
Let's Encrypt 泛域名证书申请
泛域名泛域名证书又名通配符证书是SSL证书中的其中一种形式,一般会以通配符的形式(如:*.domain.com)来指定证书所要保护的域名。OV证书和DV证书都会有通配符的域名形式提供,而EV证书一般没有通配符的证书形式。1.配置灵活方便由于采用了通配符的形式对域名进行配置,那么对于拥有多个二级域名的网站是一件非常便利的事情。只要申请一张通配符证书,就能用于所有的二级域名网站中。而且如果以后需要继续增加二级域名,也不需要再去申请购买证书,只需继续使用原有的证书就可以,对于网站管理者来说确实是非常的方便。2.性价比高一般而言,通配符证书是会比单域名证书会贵上不少,但是假如按每个二级域名的证书价格摊分下来,那其实证书单价是及其的低。当然这要看你的二级域名数量总数有多少而定。但如今互联网时代,很多公司企业他们都会用户多个二级域名。对于这些企业而言,通配符证书无疑是一种高性价比的SSL证书。安装所需环境root@cby:~# apt-get install socat -y root@cby:~# curl https://get.acme.sh | sh -s email=cby@chenby.cn % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 100 937 0 937 0 0 788 0 --:--:-- 0:00:01 --:--:-- 789 % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 210k 100 210k 0 0 131k 0 0:00:01 0:00:01 --:--:-- 131k [Fri 15 Apr 2022 11:54:09 AM CST] Installing from online archive. [Fri 15 Apr 2022 11:54:09 AM CST] Downloading https://github.com/acmesh-official/acme.sh/archive/master.tar.gz [Fri 15 Apr 2022 11:54:11 AM CST] Extracting master.tar.gz [Fri 15 Apr 2022 11:54:11 AM CST] Installing to /root/.acme.sh [Fri 15 Apr 2022 11:54:11 AM CST] Installed to /root/.acme.sh/acme.sh [Fri 15 Apr 2022 11:54:11 AM CST] Installing alias to '/root/.bashrc' [Fri 15 Apr 2022 11:54:11 AM CST] OK, Close and reopen your terminal to start using acme.sh [Fri 15 Apr 2022 11:54:11 AM CST] Installing cron job 49 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null [Fri 15 Apr 2022 11:54:11 AM CST] Good, bash is found, so change the shebang to use bash as preferred. [Fri 15 Apr 2022 11:54:12 AM CST] OK [Fri 15 Apr 2022 11:54:12 AM CST] Install success! 
root@cby:~# 进入导入环境变量并提出申请root@cby:~# cd .acme.sh/ root@cby:~/.acme.sh# export DP_Id="abcd" root@cby:~/.acme.sh# export DP_Key="xxxxxxxxxx" root@cby:~/.acme.sh# ./acme.sh --issue --dns dns_dp -d *.oiox.cn -d oiox.cn [Fri 15 Apr 2022 12:05:13 PM CST] Using CA: https://acme.zerossl.com/v2/DV90 [Fri 15 Apr 2022 12:05:13 PM CST] Multi domain='DNS:*.oiox.cn,DNS:oiox.cn' [Fri 15 Apr 2022 12:05:13 PM CST] Getting domain auth token for each domain [Fri 15 Apr 2022 12:05:38 PM CST] Getting webroot for domain='*.oiox.cn' [Fri 15 Apr 2022 12:05:38 PM CST] Getting webroot for domain='oiox.cn' [Fri 15 Apr 2022 12:05:39 PM CST] Adding txt value: DDuc5hd3b1RIoa5BefBkA53EpEtbAY0Fk8jOVVJcL6E for domain: _acme-challenge.oiox.cn [Fri 15 Apr 2022 12:05:39 PM CST] Adding record [Fri 15 Apr 2022 12:05:39 PM CST] The txt record is added: Success. [Fri 15 Apr 2022 12:05:40 PM CST] Adding txt value: 43GHnhiHjyxCxsdHSDRDP_A4YqP8dDjc_9YgnkFNk5I for domain: _acme-challenge.oiox.cn [Fri 15 Apr 2022 12:05:40 PM CST] Adding record [Fri 15 Apr 2022 12:05:40 PM CST] The txt record is added: Success. [Fri 15 Apr 2022 12:05:40 PM CST] Let's check each DNS record now. Sleep 20 seconds first. [Fri 15 Apr 2022 12:06:01 PM CST] You can use '--dnssleep' to disable public dns checks. [Fri 15 Apr 2022 12:06:01 PM CST] See: https://github.com/acmesh-official/acme.sh/wiki/dnscheck [Fri 15 Apr 2022 12:06:02 PM CST] Checking oiox.cn for _acme-challenge.oiox.cn [Fri 15 Apr 2022 12:06:04 PM CST] Domain oiox.cn '_acme-challenge.oiox.cn' success. [Fri 15 Apr 2022 12:06:04 PM CST] Checking oiox.cn for _acme-challenge.oiox.cn [Fri 15 Apr 2022 12:06:05 PM CST] Domain oiox.cn '_acme-challenge.oiox.cn' success. [Fri 15 Apr 2022 12:06:05 PM CST] All success, let's return [Fri 15 Apr 2022 12:06:05 PM CST] Verifying: *.oiox.cn [Fri 15 Apr 2022 12:06:17 PM CST] Processing, The CA is processing your order, please just wait. 
(1/30) [Fri 15 Apr 2022 12:06:24 PM CST] Success [Fri 15 Apr 2022 12:06:24 PM CST] Verifying: oiox.cn [Fri 15 Apr 2022 12:06:31 PM CST] Processing, The CA is processing your order, please just wait. (1/30) [Fri 15 Apr 2022 12:06:34 PM CST] Success [Fri 15 Apr 2022 12:06:34 PM CST] Removing DNS records. [Fri 15 Apr 2022 12:06:34 PM CST] Removing txt: DDuc5hd3b1RIoa5BefBkA53EpEtbAY0Fk8jOVVJcL6E for domain: _acme-challenge.oiox.cn [Fri 15 Apr 2022 12:06:35 PM CST] Removed: Success [Fri 15 Apr 2022 12:06:35 PM CST] Removing txt: 43GHnhiHjyxCxsdHSDRDP_A4YqP8dDjc_9YgnkFNk5I for domain: _acme-challenge.oiox.cn [Fri 15 Apr 2022 12:06:36 PM CST] Removed: Success [Fri 15 Apr 2022 12:06:36 PM CST] Verify finished, start to sign. [Fri 15 Apr 2022 12:06:36 PM CST] Lets finalize the order. [Fri 15 Apr 2022 12:06:36 PM CST] Le_OrderFinalize='https://acme.zerossl.com/v2/DV90/order/G4Sy37Y-eHjHX1wLMAh5nA/finalize' [Fri 15 Apr 2022 12:06:44 PM CST] Order status is processing, lets sleep and retry. [Fri 15 Apr 2022 12:06:44 PM CST] Retry after: 15 [Fri 15 Apr 2022 12:07:00 PM CST] Polling order status: https://acme.zerossl.com/v2/DV90/order/G4Sy37Y-eHjHX1wLMAh5nA [Fri 15 Apr 2022 12:07:03 PM CST] Downloading cert. [Fri 15 Apr 2022 12:07:03 PM CST] Le_LinkCert='https://acme.zerossl.com/v2/DV90/cert/r4l-4WevkiEwiZA3U340ig' [Fri 15 Apr 2022 12:07:10 PM CST] Cert success. 
[Fri 15 Apr 2022 12:07:10 PM CST] Your cert is in: /root/.acme.sh/*.oiox.cn/*.oiox.cn.cer
[Fri 15 Apr 2022 12:07:10 PM CST] Your cert key is in: /root/.acme.sh/*.oiox.cn/*.oiox.cn.key
[Fri 15 Apr 2022 12:07:10 PM CST] The intermediate CA cert is in: /root/.acme.sh/*.oiox.cn/ca.cer
[Fri 15 Apr 2022 12:07:10 PM CST] And the full chain certs is there: /root/.acme.sh/*.oiox.cn/fullchain.cer

View the issued certificate

root@cby:~/.acme.sh# cd \*.oiox.cn
root@cby:~/.acme.sh/*.oiox.cn# ll
total 44
drwxr-xr-x 2 root root 4096 Jul 27 10:31 ./
drwx------ 7 root root 4096 Jul 27 10:28 ../
-rw-r--r-- 1 root root 4399 Jul 27 10:31 ca.cer
-rw-r--r-- 1 root root 6684 Jul 27 10:31 fullchain.cer
-rw-r--r-- 1 root root 2285 Jul 27 10:31 '*.oiox.cn.cer'
-rw-r--r-- 1 root root  556 Jul 27 10:31 '*.oiox.cn.conf'
-rw-r--r-- 1 root root  956 Jul 27 10:28 '*.oiox.cn.csr'
-rw-r--r-- 1 root root  156 Jul 27 10:28 '*.oiox.cn.csr.conf'
-rw------- 1 root root 1679 Jul 27 10:28 '*.oiox.cn.key'
root@cby:~/.acme.sh/*.oiox.cn#

Nginx certificate deployment example:

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    # the IPv6 listener needs "ssl" too, otherwise it serves plain HTTP on port 443
    listen [::]:443 ssl;

    ssl_certificate /ssl/cert.pem;
    ssl_certificate_key /ssl/cert.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    server_name dns.oiox.cn;
    root /var/www/dns;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

# Convert and install the certificate
acme.sh --install-cert -d '*.oiox.cn' --key-file /ssl/cert.key --fullchain-file /ssl/cert.pem --reloadcmd "service nginx force-reload"
[Wed 27 Jul 2022 10:34:41 AM CST] Installing key to: /ssl/cert.key
[Wed 27 Jul 2022 10:34:41 AM CST] Installing full chain to: /ssl/cert.pem
[Wed 27 Jul 2022 10:34:41 AM CST] Run reload cmd: service nginx force-reload
[Wed 27 Jul 2022 10:34:41 AM CST] Reload success

Certificate renewal

Certificates generated by acme.sh currently expire after 60 days. Installing acme.sh automatically creates a cron job that checks all certificates every day and renews any certificate that needs it.

# 1. Manual renewal
acme.sh --renew -d example.com --force

# 2. Automatic renewal
crontab -l
12 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null

# 3. Automatic upgrade of acme.sh itself
acme.sh --upgrade --auto-upgrade

Appendix

The steps above used DNSPod for the DNS-based validation when requesting the certificate.

Alibaba Cloud DNS

export Ali_Key="abcd"
export Ali_Secret="xxxxxxxxxx"
# RSA certificate
acme.sh --issue --dns dns_ali -d blog.exsvc.cn -d '*.exsvc.cn'
# ECC certificate
acme.sh --issue --dns dns_ali -d blog.exsvc.cn -d '*.exsvc.cn' --keylength ec-256

Tencent Cloud DNS

export DP_Id="abcd"
export DP_Key="xxxxxxxxxx"
./acme.sh --issue --dns dns_dp -d '*.oiox.cn' -d oiox.cn

CloudFlare

export CF_Key="763eac4f1bcebd8b5c95e9fc50d010b4"
export CF_Email="alice@example.com"
./acme.sh --issue --dns dns_cf -d example.com -d '*.example.com'

For more DNS API options, see: https://github.com/acmesh-official/acme.sh/wiki/dnsapi

About

https://www.oiox.cn/
https://www.oiox.cn/index.php/start-page.html

CSDN, GitHub, Zhihu, OSChina, SegmentFault, Juejin, Jianshu, Huawei Cloud, Alibaba Cloud, Tencent Cloud, Bilibili, Toutiao, Sina Weibo, personal blog: search for 《小陈运维》 on any of them. Articles are published mainly on the WeChat official account.
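The Nginx server block in this post sets its `listen` and `ssl_protocols` directives by hand. The following added example (not part of the original post) is a line-based check for two TLS pitfalls in such a block: a port-443 `listen` without `ssl`, and TLSv1/TLSv1.1 left enabled. The function names and both sample configs are constructed for illustration, and the check assumes one directive per line.

```shell
#!/bin/sh
# Added example, not from the original post. Both sample configs are constructed.

# audit_nginx_tls FILE: print one finding per line; return 1 if any were found.
audit_nginx_tls() {
    awk '
        { sub(/#.*/, ""); gsub(/;/, "") }     # drop comments and semicolons
        $1 == "listen" && ($2 == "443" || $2 ~ /:443$/) {
            has_ssl = 0
            for (i = 3; i <= NF; i++) if ($i == "ssl") has_ssl = 1
            if (!has_ssl) { print "listen " $2 ": port 443 without ssl"; bad = 1 }
        }
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++)
                if ($i == "TLSv1" || $i == "TLSv1.1") {
                    print "ssl_protocols: deprecated " $i; bad = 1
                }
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# write_samples DIR: create weak.conf and fixed.conf (constructed inputs).
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
server {
    listen 443 ssl;
    listen [::]:443;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
    cat > "$1/fixed.conf" <<'EOF'
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    ssl_protocols TLSv1.2 TLSv1.3;
}
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
audit_nginx_tls "$tmp/weak.conf"  || echo "weak.conf: fix the findings above"
audit_nginx_tls "$tmp/fixed.conf" && echo "fixed.conf: clean"
rm -rf "$tmp"
```

Run it against a real file with `audit_nginx_tls /path/to/site.conf`; a non-zero exit status makes it usable as a pre-reload gate.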
April 15, 2022
477 views
1 comment
0 likes
2022-04-12
Offline installation of PostgreSQL with persistent data using Docker
Save the image

root@hello:~# docker pull postgres
Using default tag: latest
latest: Pulling from library/postgres
a2abf6c4d29d: Already exists
e1769f49f910: Pull complete
33a59cfee47c: Pull complete
461b2090c345: Pull complete
8ed8ab6290ac: Pull complete
495e42c822a0: Pull complete
18e858c71c58: Pull complete
594792c80d5f: Pull complete
794976979956: Pull complete
eb5e1a73c3ca: Pull complete
6d6360292cba: Pull complete
131e916e1a28: Pull complete
757a73507e2e: Pull complete
Digest: sha256:f329d076a8806c0ce014ce5e554ca70f4ae9407a16bb03baa7fef287ee6371f1
Status: Downloaded newer image for postgres:latest
docker.io/library/postgres:latest
root@hello:~#
root@hello:~# docker save > postgres.tar postgres:latest
root@hello:~# ll postgres.tar
-rw-r--r-- 1 root root 381950976 Mar 30 08:04 postgres.tar
root@hello:~#

Load the image

root@hello:~# docker load -i postgres.tar
7ab4f6ae3ff7: Loading layer [==================================================>] 10.18MB/10.18MB
db8b35906c8d: Loading layer [==================================================>] 340kB/340kB
f9f2c722c092: Loading layer [==================================================>] 4.19MB/4.19MB
75be6af37d28: Loading layer [==================================================>] 25.7MB/25.7MB
15dd9dd29d12: Loading layer [==================================================>] 1.682MB/1.682MB
1d5d2439ed88: Loading layer [==================================================>] 2.048kB/2.048kB
920ba1e03a88: Loading layer [==================================================>] 6.656kB/6.656kB
eb96dca5c689: Loading layer [==================================================>] 255.8MB/255.8MB
3acb2bfab7b0: Loading layer [==================================================>] 66.56kB/66.56kB
140aef27609a: Loading layer [==================================================>] 2.048kB/2.048kB
c06253083edb: Loading layer [==================================================>] 3.584kB/3.584kB
e7b07b473569: Loading layer [==================================================>] 15.36kB/15.36kB
Loaded image: postgres:latest

Start the container

root@hello:~# mkdir /data/postgres -p
root@hello:~# docker run --name postgres -e POSTGRES_PASSWORD=thinker -p 5432:5432 -v /data/postgres:/var/lib/postgresql/data -d postgres
ae30b561a607210d4cbb42f5cc344898341124feeb1a2e5fe68031ec1a46b5b4
root@hello:~# docker ps | grep postgres
ae30b561a607 postgres "docker-entrypoint.s…" About a minute ago Up About a minute 0.0.0.0:5432->5432/tcp, :::5432->5432/tcp postgres

Access test

root@hello:~# docker exec -it ae30b561a607 bash
root@ae30b561a607:/# su postgres
postgres@ae30b561a607:/$ psql
psql (14.1 (Debian 14.1-1.pgdg110+1))
Type "help" for help.

postgres-# \l
                                 List of databases
   Name    |  Owner   | Encoding |  Collate   |   Ctype    |   Access privileges
-----------+----------+----------+------------+------------+-----------------------
 postgres  | postgres | UTF8     | en_US.utf8 | en_US.utf8 |
 template0 | postgres | UTF8     | en_US.utf8 | en_US.utf8 | =c/postgres          +
           |          |          |            |            | postgres=CTc/postgres
 template1 | postgres | UTF8     | en_US.utf8 | en_US.utf8 | =c/postgres          +
           |          |          |            |            | postgres=CTc/postgres
(3 rows)

postgres-#
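An added example, not part of the original post: the same save, load and run flow with the tar's SHA-256 verified before `docker load`, the password read from a file through the official image's `POSTGRES_PASSWORD_FILE` variable instead of the command line, and the port published on loopback only instead of 0.0.0.0. The function names and the in-container secret path are assumptions; pass absolute paths.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# /run/secrets/pg_password path are assumptions. Only verify_tar runs
# without docker installed.

# Online host: export the image and record its SHA-256 next to the tar.
save_image() {    # save_image IMAGE TARFILE
    docker save -o "$2" "$1" || return 1
    ( cd "$(dirname "$2")" &&
      sha256sum "$(basename "$2")" > "$(basename "$2").sha256" )
}

# Offline host: return 0 only if TARFILE matches TARFILE.sha256.
# Returns 2 when the tar or its checksum file is missing.
verify_tar() {    # verify_tar TARFILE
    [ -f "$1" ] && [ -f "$1.sha256" ] || return 2
    ( cd "$(dirname "$1")" &&
      sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# Refuse to load an image whose tar changed in transit.
load_image() {    # load_image TARFILE
    verify_tar "$1" || { echo "checksum mismatch or missing: $1" >&2; return 1; }
    docker load -i "$1"
}

# Start postgres without putting the password in the process list or in
# "docker inspect" output, and without exposing 5432 on every interface.
run_postgres() {  # run_postgres PASSWORD_FILE DATA_DIR (absolute paths)
    chmod 600 "$1" || return 1
    docker run --name postgres -d \
        -e POSTGRES_PASSWORD_FILE=/run/secrets/pg_password \
        -v "$1":/run/secrets/pg_password:ro \
        -v "$2":/var/lib/postgresql/data \
        -p 127.0.0.1:5432:5432 \
        postgres
}

# Usage: script.sh save IMAGE TAR | load TAR | run PASSWORD_FILE DATA_DIR
case "${1:-}" in
    save) save_image "$2" "$3" ;;
    load) load_image "$2" ;;
    run)  run_postgres "$2" "$3" ;;
esac
```

Copy the `.sha256` file together with the tar. The password file is only consulted when the data directory is initialized for the first time.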
April 12, 2022
661 views
0 comments
0 likes