搜索到
199
篇与
默认分类
的结果
-
Linux磁盘LVM根目录扩容 LVM 的基本概念物理卷 Physical Volume (PV):可以在上面建立卷组的媒介,可以是硬盘分区,也可以是硬盘本身或者回环文件(loopback file)。物理卷包括一个特殊的 header,其余部分被切割为一块块物理区域(physical extents)卷组 Volume group (VG):将一组物理卷收集为一个管理单元逻辑卷 Logical volume (LV):虚拟分区,由物理区域(physical extents)组成物理区域 Physical extent (PE):硬盘可供指派给逻辑卷的最小单位(通常为 4MB)新建分区root@hello:~# fdisk /dev/sda Welcome to fdisk (util-linux 2.34). Changes will remain in memory only, until you decide to write them. Be careful before using the write command. GPT PMBR size mismatch (209715199 != 629145599) will be corrected by write. The backup GPT table is not on the end of the device. This problem will be corrected by write. Command (m for help): n Partition number (4-128, default 4): First sector (209713152-629145566, default 209713152): Last sector, +/-sectors or +/-size{K,M,G,T,P} (209713152-629145566, default 629145566): Created a new partition 4 of type 'Linux filesystem' and of size 200 GiB. Command (m for help): p Disk /dev/sda: 300 GiB, 322122547200 bytes, 629145600 sectors Disk model: QEMU HARDDISK Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: gpt Disk identifier: 9FD87B41-A400-4DD9-AE87-C852ACB2854D Device Start End Sectors Size Type /dev/sda1 2048 4095 2048 1M BIOS boot /dev/sda2 4096 2101247 2097152 1G Linux filesystem /dev/sda3 2101248 209713151 207611904 99G Linux filesystem /dev/sda4 209713152 629145566 419432415 200G Linux filesystem Command (m for help): w The partition table has been altered. Syncing disks. root@hello:~#扩展pv并查看root@hello:~# pvcreate /dev/sda4 Physical volume "/dev/sda4" successfully created. root@hello:~# pvdisplay --- Physical volume --- PV Name /dev/sda3 VG Name ubuntu-vg PV Size <99.00 GiB / not usable 0 Allocatable yes (but full) PE Size 4.00 MiB Total PE 25343 Free PE 0 Allocated PE 25343 PV UUID DfUNvp-F4D5-J6Rj-sMcS-PqE1-bKf6-2XLfb2 --- Physical volume --- PV Name /dev/sda4 VG Name ubuntu-vg PV Size 200.00 GiB / not usable 4.98 MiB Allocatable yes (but full) PE Size 4.00 MiB Total PE 51199 Free PE 0 Allocated PE 51199 PV UUID yeXSs6-mUWY-Q31q-oD0J-yWHA-zPfp-92AKrO扩展vg并查看root@hello:~# vgextend ubuntu-vg /dev/sda4 Volume group "ubuntu-vg" successfully extended root@hello:~# vgdisplay --- Volume group --- VG Name ubuntu-vg System ID Format lvm2 Metadata Areas 2 Metadata Sequence No 4 VG Access read/write VG Status resizable MAX LV 0 Cur LV 1 Open LV 1 Max PV 0 Cur PV 2 Act PV 2 VG Size 298.99 GiB PE Size 4.00 MiB Total PE 76542 Alloc PE / Size 76542 / 298.99 GiB Free PE / Size 0 / 0 VG UUID QpG0NU-5tPY-q5Bw-mLIu-Axl6-mdtP-19WWq6扩展lv并查看root@hello:~# lvextend /dev/ubuntu-vg/ubuntu-lv /dev/sda4 Size of logical volume ubuntu-vg/ubuntu-lv changed from <99.00 GiB (25343 extents) to 298.99 GiB (76542 extents). Logical volume ubuntu-vg/ubuntu-lv successfully resized. root@hello:~# lvdisplay --- Logical volume --- LV Path /dev/ubuntu-vg/ubuntu-lv LV Name ubuntu-lv VG Name ubuntu-vg LV UUID ODU5p6-8E8i-30tn-3hzs-AifF-iF4Z-HzMuFL LV Write Access read/write LV Creation host, time ubuntu-server, 2022-03-29 09:07:30 +0000 LV Status available # open 1 LV Size 298.99 GiB Current LE 76542 Segments 2 Allocation inherit Read ahead sectors auto - currently set to 256 Block device 253:0扩展根文件系统root@hello:~# resize2fs /dev/ubuntu-vg/ubuntu-lv resize2fs 1.45.5 (07-Jan-2020) Filesystem at /dev/ubuntu-vg/ubuntu-lv is mounted on /; on-line resizing required old_desc_blocks = 13, new_desc_blocks = 38 The filesystem on /dev/ubuntu-vg/ubuntu-lv is now 78379008 (4k) blocks long.若是xfs文件系统,可以使用xfs_growfs命令root@hello:~# df -hT | grep ubuntu--vg-ubuntu--lv /dev/mapper/ubuntu--vg-ubuntu--lv ext4 294G 14G 268G 5% / root@hello:~#查看块设备的依赖关系root@hello:~# lsblk NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT loop0 7:0 0 31.1M 1 loop /snap/snapd/10707 loop1 7:1 0 55.4M 1 loop /snap/core18/1944 loop2 7:2 0 69.9M 1 loop /snap/lxd/19188 sda 8:0 0 300G 0 disk ├─sda1 8:1 0 1M 0 part ├─sda2 8:2 0 1G 0 part /boot ├─sda3 8:3 0 99G 0 part │ └─ubuntu--vg-ubuntu--lv 253:0 0 299G 0 lvm / └─sda4 8:4 0 200G 0 part └─ubuntu--vg-ubuntu--lv 253:0 0 299G 0 lvm / sr0 11:0 1 1.1G 0 rom root@hello:~#https://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://weibo.com/u/5982474121https://blog.csdn.net/qq_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/chen-bu-yun-2https://segmentfault.com/u/hppyvyv6/articleshttps://juejin.cn/user/3315782802482007https://space.bilibili.com/352476552/articlehttps://cloud.tencent.com/developer/column/93230https://www.jianshu.com/u/0f894314ae2chttps://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》 -
使用HTMLform表单操作腾讯云DNS控制台 在使用中经常需要修改DNS记录,或者查询、删除操作。每次都得登录腾讯云控制台,腾讯云比较鸡肋的一点就是需要进行微信扫码登录,每次操作太不方便。 可以使用api接口进行操作腾讯云上的产品。所以使用HTML写了一个前端页面,暂时没有美化,目前只有基础功能。前端代码如下,同时可以访问:http://dns.oiox.cn/ 使用<!-- * @Author: 陈步云 * @Date: 2022-01-07 16:52:23 * @LastEditTime: 2022-03-29 15:09:56 * @LastEditors: Please set LastEditors * @Description: 打开koroFileHeader查看配置 进行设置: https://github.com/OBKoro1/koro1FileHeader/wiki/%E9%85%8D%E7%BD%AE * @FilePath: /html/index.nginx-debian.html --> <!DOCTYPE html> <html> <head> <title>Welcome to chenby!</title> <meta charset="UTF-8"> <!-- <script src="http://code.jquery.com/jquery-3.6.0.min.js"></script> <script src="http://oss.maxcdn.com/jquery.form/3.50/jquery.form.min.js"></script> --> <style> body { width: 50em; margin: auto; font-family: Tahoma, Verdana, Arial, sans-serif; } h1{ text-align:center } button{ display:block; margin:0 auto } </style> </head> <body> <h1>腾讯云DNS记录控制台</h1> <h2>查询记录</h2> <form action="https://dnsapi.cn/Record.List" method="POST" > <div> * 腾讯云token <input name="login_token" type="text"> <br> <br>「去控制台创建 https://console.dnspod.cn/account/token/token <br> 比如 ID 为:13490,ToKen为:6b5976c68aba5b14a0558b77c17c3932。<br> 即完整的 Token 为:13490,6b5976c68aba5b14a0558b77c17c3932 。」 <br> <br> </div> <div> 返回类型 <input name="format" type="text" value="json">「默认json」<br><br> </div> <div> * 操作域名 <input name="domain" type="text">「如 oiox.cn」<br><br> </div> <div> 子域名 <input name="sub_domain" type="text">「www」<br><br> </div> <div> <button type="submit" value="提交">提交</button> </div> </form> <h2>新增记录</h2> <form action="https://dnsapi.cn/Record.Create" method="POST"> <div> * 腾讯云token <input name="login_token" type="text"> <br> <br>「去控制台创建 https://console.dnspod.cn/account/token/token <br> 比如 ID 为:13490,ToKen为:6b5976c68aba5b14a0558b77c17c3932。<br> 即完整的 Token 为:13490,6b5976c68aba5b14a0558b77c17c3932 。」 <br> <br> </div> <div> 返回类型 <input name="format" type="text" value="json"> 「默认json」<br><br> </div> <div> * 操作域名 <input name="domain" type="text"> 「如 oiox.cn」<br><br> </div> <div> * 记录类型: <select name="record_type" type="text"> <option value="A">A</option> <option value="AAAA">AAAA</option> <option value="SPF">SPF</option> <option value="CAA">CAA</option> <option value="CNAME">CNAME</option> <option value="MX">MX</option> <option value="TXT">TXT</option> </select> <br> <br> </div> <div> * 主机记录 <input name="sub_domain" type="text"> 「如 www 」<br><br> </div> <div> 解析线路: <select name="record_line" type="text"> <option value="默认">默认</option> <option value="联通">联通</option> <option value="移动">移动</option> <option value="电信">电信</option> <option value="铁通">铁通</option> <option value="境内">境内</option> <option value="境外">境外</option> </select> <br> <br> </div> <div> * 记录值 <input name="value" type="text"> <br>「如 IPv6:2620:119:35::35 IPv4:8.8.8.8, CNAME: cname.dnspod.com., MX: mail.dnspod.com. 等等」<br><br> </div> </div> <div> <button type="submit" value="提交">提交</button> </div> </form> <h2>修改记录</h2> <form action="https://dnsapi.cn/Record.Modify" method="POST"> <div> * 腾讯云token <input name="login_token" type="text"> <br> <br>「去控制台创建 https://console.dnspod.cn/account/token/token <br> 比如 ID 为:13490,ToKen为:6b5976c68aba5b14a0558b77c17c3932。<br> 即完整的 Token 为:13490,6b5976c68aba5b14a0558b77c17c3932 。」 <br> <br> </div> <div> 返回类型 <input name="format" type="text" value="json"> 「默认json」<br><br> </div> <div> * 操作域名 <input name="domain" type="text"> 「如 oiox.cn」<br><br> </div> <div> * 记录ID <input name="record_id" type="text"> 「先使用查询功能查询到record_id」<br><br> </div> <div> * 记录类型: <select name="record_type" type="text"> <option value="A">A</option> <option value="AAAA">AAAA</option> <option value="SPF">SPF</option> <option value="CAA">CAA</option> <option value="CNAME">CNAME</option> <option value="MX">MX</option> <option value="TXT">TXT</option> </select> <br> <br> </div> <div> * 主机记录 <input name="sub_domain" type="text"> 「如 www 」<br><br> </div> <div> 解析线路: <select name="record_line" type="text"> <option value="默认">默认</option> <option value="联通">联通</option> <option value="移动">移动</option> <option value="电信">电信</option> <option value="铁通">铁通</option> <option value="境内">境内</option> <option value="境外">境外</option> </select> <br> <br> </div> <div> * 修改记录值 <input name="value" type="text"> <br>「如 IPv6:2620:119:35::35 IPv4:8.8.8.8, CNAME: cname.dnspod.com., MX: mail.dnspod.com. 等等」<br><br> </div> </div> <div> <button type="submit" value="提交">提交</button> </div> </form> <h2>删除记录</h2> <form action="https://dnsapi.cn/Record.Remove" method="POST"> <div> * 腾讯云token <input name="login_token" type="text"> <br> <br>「去控制台创建 https://console.dnspod.cn/account/token/token <br> 比如 ID 为:13490,ToKen为:6b5976c68aba5b14a0558b77c17c3932。<br> 即完整的 Token 为:13490,6b5976c68aba5b14a0558b77c17c3932 。」 <br> <br> </div> <div> 返回类型 <input name="format" type="text" value="json"> 「默认json」<br><br> </div> <div> * 操作域名 <input name="domain" type="text"> 「如 oiox.cn」<br><br> </div> <div> * 记录ID <input name="record_id" type="text"> 「先使用查询功能查询到record_id」<br><br> </div> <div> <button type="submit" value="提交">提交</button> </div> </form> </body> </html> 会返回一个json解析,建议安装FeHelper工具,可以美化json,方便阅读。 https://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://weibo.com/u/5982474121https://blog.csdn.net/qq_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/chen-bu-yun-2https://segmentfault.com/u/hppyvyv6/articleshttps://juejin.cn/user/3315782802482007https://space.bilibili.com/352476552/articlehttps://cloud.tencent.com/developer/column/93230https://www.jianshu.com/u/0f894314ae2chttps://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》
-
kubernetes(k8s)部署 Metrics Server 资源 资源使用指标,例如容器 CPU 和内存使用率,可通过 Metrics API 在 Kubernetes 中获得。这些指标可以直接被用户访问,比如使用 kubectl top 命令行,或者被集群中的控制器 (例如 Horizontal Pod Autoscalers) 使用来做决策。配置api聚合层添加配置api启动service文件 --enable-aggregator-routing=true ps -ef |grep apiserver|grep enable-aggregator-routing root 1147 1 10 10:23 ? 00:30:13 /usr/local/bin/kube-apiserver --v=2 --logtostderr=true --allow-privileged=true --bind-address=0.0.0.0 --secure-port=6443 --insecure-port=0 --advertise-address=192.168.1.30 --service-cluster-ip-range=10.96.0.0/12 --service-node-port-range=30000-32767 --etcd-servers=https://192.168.1.30:2379,https://192.168.1.31:2379,https://192.168.1.32:2379 --etcd-cafile=/etc/etcd/ssl/etcd-ca.pem --etcd-certfile=/etc/etcd/ssl/etcd.pem --etcd-keyfile=/etc/etcd/ssl/etcd-key.pem --client-ca-file=/etc/kubernetes/pki/ca.pem --tls-cert-file=/etc/kubernetes/pki/apiserver.pem --tls-private-key-file=/etc/kubernetes/pki/apiserver-key.pem --kubelet-client-certificate=/etc/kubernetes/pki/apiserver.pem --kubelet-client-key=/etc/kubernetes/pki/apiserver-key.pem --service-account-key-file=/etc/kubernetes/pki/sa.pub --service-account-signing-key-file=/etc/kubernetes/pki/sa.key --service-account-issuer=https://kubernetes.default.svc.cluster.local --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota --authorization-mode=Node,RBAC --enable-bootstrap-token-auth=true --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.pem --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.pem --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client-key.pem --requestheader-allowed-names=aggregator --requestheader-group-headers=X-Remote-Group --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-username-headers=X-Remote-User --enable-aggregator-routing=true创建应用权限 RBAC 资源文件root@hello:~/cby# cat metrics-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: system:aggregated-metrics-reader labels: rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" rules: - apiGroups: ["metrics.k8s.io"] resources: ["pods", "nodes"] verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: metrics-server:system:auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:auth-delegator subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: metrics-server-auth-reader namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: extension-apiserver-authentication-reader subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: system:metrics-server rules: - apiGroups: - "" resources: - pods - nodes - nodes/stats - namespaces verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: system:metrics-server roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:metrics-server subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: metrics-server namespace: kube-system root@hello:~/cby#创建 APIService 资源文件 设置扩展 API Service 工作于聚合层,允许使用其 API 扩展 Kubernetes apiserver,而这些 API 并不是核心 Kubernetes API 的一部分。这里部署 APIservice 资源,来提供 Kubernetes Metrics 指标 API 数据。root@hello:~/cby# cat metrics-api-service.yaml ## APIService apiVersion: apiregistration.k8s.io/v1 kind: APIService metadata: name: v1beta1.metrics.k8s.io spec: service: name: metrics-server namespace: kube-system port: 443 group: metrics.k8s.io version: v1beta1 insecureSkipTLSVerify: true groupPriorityMinimum: 100 versionPriority: 100 root@hello:~/cby#创建 Metrics Server 应用资源文件root@hello:~/cby# cat metrics-server-deploy.yaml apiVersion: apps/v1 kind: Deployment metadata: name: metrics-server namespace: kube-system labels: k8s-app: metrics-server spec: selector: matchLabels: k8s-app: metrics-server template: metadata: name: metrics-server labels: k8s-app: metrics-server spec: serviceAccountName: metrics-server volumes: # mount in tmp so we can safely use from-scratch images and/or read-only containers - name: tmp-dir emptyDir: {} hostNetwork: true containers: - name: metrics-server image: bitnami/metrics-server # command: # - /metrics-server # - --kubelet-insecure-tls # - --kubelet-preferred-address-types=InternalIP args: - --cert-dir=/tmp - --secure-port=4443 - --kubelet-insecure-tls=true - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,externalDNS ports: - name: main-port containerPort: 4443 protocol: TCP securityContext: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 imagePullPolicy: Always volumeMounts: - name: tmp-dir mountPath: /tmp nodeSelector: beta.kubernetes.io/os: linux --- apiVersion: v1 kind: Service metadata: name: metrics-server namespace: kube-system labels: kubernetes.io/name: "Metrics-server" kubernetes.io/cluster-service: "true" spec: selector: k8s-app: metrics-server ports: - port: 443 protocol: TCP targetPort: 4443 root@hello:~/cby#通过 Kubectl 命令部署root@hello:~/cby# kubectl apply -f metrics-rbac.yaml -n kube-system clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created clusterrole.rbac.authorization.k8s.io/system:metrics-server created clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created serviceaccount/metrics-server created root@hello:~/cby# kubectl apply -f metrics-api-service.yaml -n kube-system apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created root@hello:~/cby# kubectl apply -f metrics-server-deploy.yaml -n kube-system Warning: spec.template.spec.nodeSelector[beta.kubernetes.io/os]: deprecated since v1.14; use "kubernetes.io/os" instead deployment.apps/metrics-server created service/metrics-server created root@hello:~/cby# 验证 root@hello:~/cby# kubectl get pod -A | grep metrics-server kube-system metrics-server-5c69d5d5b7-b6246 1/1 Running 0 2m25s root@hello:~/cby# 查看日志 root@hello:~/cby# kubectl logs -n kube-system metrics-server-5c69d5d5b7-b6246 I0328 07:11:37.676490 1 serving.go:341] Generated self-signed cert (/tmp/apiserver.crt, /tmp/apiserver.key) I0328 07:11:38.148457 1 requestheader_controller.go:169] Starting RequestHeaderAuthRequestController I0328 07:11:38.148472 1 configmap_cafile_content.go:202] Starting client-ca::kube-system::extension-apiserver-authentication::client-ca-file I0328 07:11:38.148507 1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::client-ca-file I0328 07:11:38.148475 1 configmap_cafile_content.go:202] Starting client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file I0328 07:11:38.148550 1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file I0328 07:11:38.148490 1 shared_informer.go:240] Waiting for caches to sync for RequestHeaderAuthRequestController I0328 07:11:38.149073 1 dynamic_serving_content.go:130] Starting serving-cert::/tmp/apiserver.crt::/tmp/apiserver.key I0328 07:11:38.149428 1 secure_serving.go:202] Serving securely on [::]:4443 I0328 07:11:38.149535 1 tlsconfig.go:240] Starting DynamicServingCertificateController I0328 07:11:38.248713 1 shared_informer.go:247] Caches are synced for RequestHeaderAuthRequestController I0328 07:11:38.248732 1 shared_informer.go:247] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file I0328 07:11:38.248754 1 shared_informer.go:247] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::client-ca-file root@hello:~/cby# 查看node资源信息 root@hello:~/cby# kubectl top node NAME CPU(cores) CPU% MEMORY(bytes) MEMORY% 192.168.1.50 184m 2% 4354Mi 56% 192.168.1.51 207m 2% 3892Mi 50% 192.168.1.52 197m 2% 3881Mi 50% 192.168.1.53 185m 2% 3528Mi 46% 192.168.1.54 109m 1% 3427Mi 44% root@hello:~/cby# 查看pod资源信息 root@hello:~/cby# kubectl top pod -n kube-system NAME CPU(cores) MEMORY(bytes) calico-kube-controllers-754966f84c-jm7f7 5m 25Mi calico-node-9tvck 43m 69Mi calico-node-kt2pk 41m 68Mi calico-node-skm82 45m 70Mi calico-node-t4lhb 44m 65Mi calico-node-tz5k9 45m 66Mi coredns-596755dbff-7ggzl 3m 15Mi dashboard-metrics-scraper-799d786dbf-s6r5f 1m 7Mi kubernetes-dashboard-9f8c8b989-57fhz 1m 13Mi metrics-server-5c69d5d5b7-b6246 4m 16Mi node-local-dns-4hzvh 5m 17Mi node-local-dns-6zpdh 3m 17Mi node-local-dns-9jmzz 5m 16Mi node-local-dns-q8pcw 5m 17Mi node-local-dns-tpm6b 5m 29Mi root@hello:~/cby# 查看单个pod资源信息 root@hello:~/cby# kubectl top pod -n kube-system metrics-server-5c69d5d5b7-b6246 NAME CPU(cores) MEMORY(bytes) metrics-server-5c69d5d5b7-b6246 4m 13Mi root@hello:~/cby# https://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://weibo.com/u/5982474121https://blog.csdn.net/qq_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/chen-bu-yun-2https://segmentfault.com/u/hppyvyv6/articleshttps://juejin.cn/user/3315782802482007https://space.bilibili.com/352476552/articlehttps://cloud.tencent.com/developer/column/93230https://www.jianshu.com/u/0f894314ae2chttps://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》
-
利用NGINX搭建部署直播流媒体服务器 直播如今是一个老生常谈的问题,怎么用于直播,大多数人只晓得,大佬某平台直播软件,点击开始即可直播。那么如何来搭建一个简易的直播平台呢?仅仅是有直播功能,没有涉及转码以及播放软件。安装nginx以及rtmp模块 root@cby:~# apt install nginx root@cby:~# apt install libnginx-mod-rtmp 修改配置以支持rtmp root@cby:~# vim /etc/nginx/nginx.conf rtmp { server { listen 1935; chunk_size 4096; application live { live on; } } } 检查是否有报错 root@cby:~# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful root@cby:~# 重启nginx root@cby:~# systemctl restart nginx 使用obs直播工具进行推流操作 rtmp://<你的域名或者IP>:1935/live使用vlc拉流播放查看效果https://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://weibo.com/u/5982474121https://blog.csdn.net/qq_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/chen-bu-yun-2https://segmentfault.com/u/hppyvyv6/articleshttps://juejin.cn/user/3315782802482007https://space.bilibili.com/352476552/articlehttps://cloud.tencent.com/developer/column/93230https://www.jianshu.com/u/0f894314ae2chttps://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》
-
Containerd 入门基础操作 Containerd 被 Docker、Kubernetes CRI 和其他一些项目使用Containerd 旨在轻松嵌入到更大的系统中。Docker 在后台使用 containerd来运行容器。Kubernetes 可以通过 CRI 使用 containerd来管理单个节点上的容器。生成默认配置root@hello:~# containerd config default > /etc/containerd/config.toml root@hello:~# vim /etc/containerd/config.toml root@hello:~# cat /etc/containerd/config.toml version = 2 root = "/var/lib/containerd" state = "/run/containerd" plugin_dir = "" disabled_plugins = [] required_plugins = [] oom_score = 0 [grpc] address = "/run/containerd/containerd.sock" tcp_address = "" tcp_tls_cert = "" tcp_tls_key = "" uid = 0 gid = 0 max_recv_message_size = 16777216 max_send_message_size = 16777216 [ttrpc] address = "" uid = 0 gid = 0 [debug] address = "" uid = 0 gid = 0 level = "" [metrics] address = "" grpc_histogram = false [cgroup] path = "" [timeouts] "io.containerd.timeout.shim.cleanup" = "5s" "io.containerd.timeout.shim.load" = "5s" "io.containerd.timeout.shim.shutdown" = "3s" "io.containerd.timeout.task.state" = "2s" [plugins] [plugins."io.containerd.gc.v1.scheduler"] pause_threshold = 0.02 deletion_threshold = 0 mutation_threshold = 100 schedule_delay = "0s" startup_delay = "100ms" [plugins."io.containerd.grpc.v1.cri"] disable_tcp_service = true stream_server_address = "127.0.0.1" stream_server_port = "0" stream_idle_timeout = "4h0m0s" enable_selinux = false selinux_category_range = 1024 sandbox_image = "k8s.gcr.io/pause:3.2" stats_collect_period = 10 systemd_cgroup = false enable_tls_streaming = false max_container_log_line_size = 16384 disable_cgroup = false disable_apparmor = false restrict_oom_score_adj = false max_concurrent_downloads = 3 disable_proc_mount = false unset_seccomp_profile = "" tolerate_missing_hugetlb_controller = true disable_hugetlb_controller = true ignore_image_defined_volumes = false [plugins."io.containerd.grpc.v1.cri".containerd] snapshotter = "overlayfs" default_runtime_name = "runc" no_pivot = false disable_snapshot_annotations = true discard_unpacked_layers = false [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime] runtime_type = "" runtime_engine = "" runtime_root = "" privileged_without_host_devices = false base_runtime_spec = "" [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime] runtime_type = "" runtime_engine = "" runtime_root = "" privileged_without_host_devices = false base_runtime_spec = "" [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] runtime_type = "io.containerd.runc.v2" runtime_engine = "" runtime_root = "" privileged_without_host_devices = false base_runtime_spec = "" [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] [plugins."io.containerd.grpc.v1.cri".cni] bin_dir = "/opt/cni/bin" conf_dir = "/etc/cni/net.d" max_conf_num = 1 conf_template = "" [plugins."io.containerd.grpc.v1.cri".registry] [plugins."io.containerd.grpc.v1.cri".registry.mirrors] [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] endpoint = ["https://registry-1.docker.io"] [plugins."io.containerd.grpc.v1.cri".image_decryption] key_model = "" [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming] tls_cert_file = "" tls_key_file = "" [plugins."io.containerd.internal.v1.opt"] path = "/opt/containerd" [plugins."io.containerd.internal.v1.restart"] interval = "10s" [plugins."io.containerd.metadata.v1.bolt"] content_sharing_policy = "shared" [plugins."io.containerd.monitor.v1.cgroups"] no_prometheus = false [plugins."io.containerd.runtime.v1.linux"] shim = "containerd-shim" runtime = "runc" runtime_root = "" no_shim = false shim_debug = false [plugins."io.containerd.runtime.v2.task"] platforms = ["linux/amd64"] [plugins."io.containerd.service.v1.diff-service"] default = ["walking"] [plugins."io.containerd.snapshotter.v1.devmapper"] root_path = "" pool_name = "" base_image_size = "" async_remove = false root@hello:~# 配置镜像加速器 [plugins."io.containerd.grpc.v1.cri".registry] [plugins."io.containerd.grpc.v1.cri".registry.mirrors] [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] endpoint = ["https://ted9wxpi.mirror.aliyuncs.com"]ctr 相当于核心组件,通过加载插件的方式来支持各种操作。使用 ctr plugins ls 来查看当前加载的插件和支持的操作。[root@k8s-master01 ~]# ctr plugins ls TYPE ID PLATFORMS STATUS io.containerd.content.v1 content - ok io.containerd.snapshotter.v1 aufs linux/amd64 error io.containerd.snapshotter.v1 devmapper linux/amd64 error io.containerd.snapshotter.v1 native linux/amd64 ok io.containerd.snapshotter.v1 overlayfs linux/amd64 ok io.containerd.snapshotter.v1 zfs linux/amd64 error io.containerd.metadata.v1 bolt - ok io.containerd.differ.v1 walking linux/amd64 ok io.containerd.gc.v1 scheduler - ok io.containerd.service.v1 introspection-service - ok io.containerd.service.v1 containers-service - ok io.containerd.service.v1 content-service - ok io.containerd.service.v1 diff-service - ok io.containerd.service.v1 images-service - ok io.containerd.service.v1 leases-service - ok io.containerd.service.v1 namespaces-service - ok io.containerd.service.v1 snapshots-service - ok io.containerd.runtime.v1 linux linux/amd64 ok io.containerd.runtime.v2 task linux/amd64 ok io.containerd.monitor.v1 cgroups linux/amd64 ok io.containerd.service.v1 tasks-service - ok io.containerd.internal.v1 restart - ok io.containerd.grpc.v1 containers - ok io.containerd.grpc.v1 content - ok io.containerd.grpc.v1 diff - ok io.containerd.grpc.v1 events - ok io.containerd.grpc.v1 healthcheck - ok io.containerd.grpc.v1 images - ok io.containerd.grpc.v1 leases - ok io.containerd.grpc.v1 namespaces - ok io.containerd.internal.v1 opt - ok io.containerd.grpc.v1 snapshots - ok io.containerd.grpc.v1 tasks - ok io.containerd.grpc.v1 version - ok io.containerd.grpc.v1 cri linux/amd64 ok [root@k8s-master01 ~]#ctr plugins ls 命令会展示三列 ,第二列 ID 就是对应的命令。例如 plugins 的 id 为 content 可使用 ctr content --help 来查看帮助,以及其他命令来执行操作。[root@k8s-master01 ~]# ctr content --help NAME: ctr content - manage content USAGE: ctr content [global options] command [command options] [arguments...] VERSION: 1.4.13 COMMANDS: active display active transfers delete, del, remove, rm permanently delete one or more blobs edit edit a blob and return a new digest fetch fetch all content for an image into containerd fetch-object retrieve objects from a remote get get the data for an object ingest accept content into the store list, ls list all blobs in the store push-object push an object to a remote label add labels to content GLOBAL OPTIONS: --help, -h show help [root@k8s-master01 ~]# 查看有哪些命名空间[root@k8s-master01 ~]# ctr namespace ls NAME LABELS default k8s.io [root@k8s-master01 ~]# 查看 k8s.io 空间下的镜像有哪些[root@k8s-master01 ~]# ctr -n k8s.io images ls REF TYPE DIGEST SIZE PLATFORMS LABELS k8s.gcr.io/ingress-nginx/kube-webhook-certgen@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 application/vnd.docker.distribution.manifest.list.v2+json sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 18.0 MiB linux/amd64,linux/arm/v7,linux/arm64,linux/s390x接下来 从 容器的 生命周期流程 来说明 ctr 命令的使用。ctr images ls 查看镜像[root@k8s-master01 ~]# ctr images ls REF TYPE DIGEST SIZE PLATFORMS LABELS docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x - [root@k8s-master01 ~]#ctr images pull 拉取镜像 [root@k8s-master01 ~]# ctr images pull docker.io/library/nginx:alpine docker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++| index-sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a: done |++++++++++++++++++++++++++++++++++++++| manifest-sha256:1e3458b8841319dec826a9a63b66f98c0bb260d50454dcdbdfe414eed362a3c4: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:9a9d990f68b82fceea08b4b08a0549e3de8ba7840ac721e0b8cc4d2d27e33ccf: done |++++++++++++++++++++++++++++++++++++++| config-sha256:7d73f57a7cf733ff46e22c3d60cb237f7b29e8e7ec6753922f2daa7f5af5d186: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:6c53e58c6af6338b6ea1ddeb46b638a719e4afdd2cffb5cf80362af3e61099d1: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:bda3fba8f6c468c5b9f60cec056498ebdedf711410c8864f956f0b8d3408428c: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:e07cc103cea6f44382a40ffe1f7d893781521aa2723765c069f23480e674dd0c: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:3d243047344378e9b7136d552d48feb7ea8b6fe14ce0990e0cc011d5e369626a: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:4ba4f346920eaf3fd54877cf123ac46a7bbea16f23d4b0bdc210988ebe7969f0: done |++++++++++++++++++++++++++++++++++++++| elapsed: 14.8s total: 9.7 Mi (671.0 KiB/s) unpacking linux/amd64 sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a... done [root@k8s-master01 ~]# 只有通过 crictl 或者 Kubernetes 调用时 mirror 才会生效,通过 ctr 拉取是不会生效的。ctr images rm 删除镜像[root@k8s-master01 ~]# ctr images rm docker.io/library/nginx:alpine docker.io/library/nginx:alpine [root@k8s-master01 ~]# [root@k8s-master01 ~]# ctr images ls REF TYPE DIGEST SIZE PLATFORMS LABELS [root@k8s-master01 ~]# ctr images mount 挂载[root@k8s-master01 ~]# ctr images ls REF TYPE DIGEST SIZE PLATFORMS LABELS docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x - [root@k8s-master01 ~]# ctr images mount docker.io/library/nginx:alpine /cby sha256:7a7cbbee0f17b403a980a36ae708bbd9ee428511a7219da36c50ce7e33662d43 /cby [root@k8s-master01 ~]# [root@k8s-master01 ~]# ls /cby/ bin docker-entrypoint.d etc lib mnt proc run srv tmp var dev docker-entrypoint.sh home media opt root sbin sys usr [root@k8s-master01 ~]# ctr images unmount 卸载[root@k8s-master01 ~]# ctr images unmount /cby /cby [root@k8s-master01 ~]#ctr images export 导出镜像root@hello:~# ctr images export nginx.tar docker.io/library/nginx:alpine root@hello:~# root@hello:~# ls nginx.tar nginx.tar root@hello:~# ctr images import 导入镜像root@hello:~# ctr images import nginx.tar unpacking docker.io/library/nginx:alpine (sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a)...done root@hello:~# ctr中 containers 是镜像实例化的一个虚拟环境,提供一个磁盘,模拟空间,就好比你电脑处于关机状态一样。ctr中 tasks 是将容器运行起来,电脑开机了 ,初始化进程等 ,task就是的这么个形式。ctr containers ls 查看容器root@hello:~# ctr containers ls CONTAINER IMAGE RUNTIME nginx docker.io/library/nginx:alpine io.containerd.runc.v2 root@hello:~# ctr containers create 创建容器root@hello:~# ctr containers create docker.io/library/nginx:alpine nginx root@hello:~# ctr containers rm 删除容器root@hello:~# ctr containers rm nginx root@hello:~# ctr containers ls CONTAINER IMAGE RUNTIME root@hello:~# ctr containers info 查看详细信息root@hello:~# ctr containers info nginx { "ID": "nginx", "Labels": { "io.containerd.image.config.stop-signal": "SIGQUIT" }, "Image": "docker.io/library/nginx:alpine", "Runtime": { "Name": "io.containerd.runc.v2", "Options": { "type_url": "containerd.runc.v1.Options" } }, "SnapshotKey": "nginx", "Snapshotter": "overlayfs", "CreatedAt": "2022-03-21T08:51:45.127872097Z", "UpdatedAt": "2022-03-21T08:51:45.127872097Z", "Extensions": null, "Spec": { ---略---create 的命令创建了容器后,并没有处于运行状态,只是一个静态的容器。一个 container 对象只是包含了运行一个容器所需的资源及配置的数据结构,这意味着 namespaces、rootfs 和容器的配置都已经初始化成功了,只是用户进程(这里是 nginx)还没有启动。ctr tasks start -d 在后台运行容器root@hello:~# ctr tasks start -d nginx root@hello:~# ctr tasks ls TASK PID STATUS nginx 118454 RUNNING root@hello:~# ctr task exec 进入容器,id随便写就行,需要将其唯一root@hello:~# ctr task exec --exec-id 1 -t nginx sh / # ctr task pause 暂停容器root@hello:~# ctr task pause nginx root@hello:~# ctr task ls TASK PID STATUS nginx 118454 PAUSED root@hello:~#ctr task resume 恢复容器root@hello:~# ctr task resume nginx root@hello:~# ctr task ls TASK PID STATUS nginx 118454 RUNNING root@hello:~# ctr task kill 杀死容器root@hello:~# ctr task kill nginx root@hello:~# ctr task ls TASK PID STATUS nginx 118454 STOPPED root@hello:~# ctr task metrics获取容器信息root@hello:~# ctr task metrics nginx ID TIMESTAMP nginx 2022-03-21 09:05:49.949321537 +0000 UTC METRIC VALUE memory.usage_in_bytes 3821568 memory.limit_in_bytes 9223372036854771712 memory.stat.cache 135168 cpuacct.usage 176641571 cpuacct.usage_percpu [24856408 21740008 12150472 37947198 31775746 28169704 7366623 12635412] pids.current 0 pids.limit 0 root@hello:~# ctr tasks rm 删除容器root@hello:~# ctr tasks rm nginx root@hello:~# ctr tasks ls TASK PID STATUS root@hello:~#https://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://weibo.com/u/5982474121https://blog.csdn.net/qq_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/chen-bu-yun-2https://segmentfault.com/u/hppyvyv6/articleshttps://juejin.cn/user/3315782802482007https://space.bilibili.com/352476552/articlehttps://cloud.tencent.com/developer/column/93230https://www.jianshu.com/u/0f894314ae2chttps://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》