搜索到
208
篇与
默认分类
的结果
-
使用HTMLform表单操作腾讯云DNS控制台 在使用中经常需要修改DNS记录,或者查询、删除操作。每次都得登录腾讯云控制台,腾讯云比较鸡肋的一点就是需要进行微信扫码登录,每次操作太不方便。 可以使用api接口进行操作腾讯云上的产品。所以使用HTML写了一个前端页面,暂时没有美化,目前只有基础功能。前端代码如下,同时可以访问:http://dns.oiox.cn/ 使用<!-- * @Author: 陈步云 * @Date: 2022-01-07 16:52:23 * @LastEditTime: 2022-03-29 15:09:56 * @LastEditors: Please set LastEditors * @Description: 打开koroFileHeader查看配置 进行设置: https://github.com/OBKoro1/koro1FileHeader/wiki/%E9%85%8D%E7%BD%AE * @FilePath: /html/index.nginx-debian.html --> <!DOCTYPE html> <html> <head> <title>Welcome to chenby!</title> <meta charset="UTF-8"> <!-- <script src="http://code.jquery.com/jquery-3.6.0.min.js"></script> <script src="http://oss.maxcdn.com/jquery.form/3.50/jquery.form.min.js"></script> --> <style> body { width: 50em; margin: auto; font-family: Tahoma, Verdana, Arial, sans-serif; } h1{ text-align:center } button{ display:block; margin:0 auto } </style> </head> <body> <h1>腾讯云DNS记录控制台</h1> <h2>查询记录</h2> <form action="https://dnsapi.cn/Record.List" method="POST" > <div> * 腾讯云token <input name="login_token" type="text"> <br> <br>「去控制台创建 https://console.dnspod.cn/account/token/token <br> 比如 ID 为:13490,ToKen为:6b5976c68aba5b14a0558b77c17c3932。<br> 即完整的 Token 为:13490,6b5976c68aba5b14a0558b77c17c3932 。」 <br> <br> </div> <div> 返回类型 <input name="format" type="text" value="json">「默认json」<br><br> </div> <div> * 操作域名 <input name="domain" type="text">「如 oiox.cn」<br><br> </div> <div> 子域名 <input name="sub_domain" type="text">「www」<br><br> </div> <div> <button type="submit" value="提交">提交</button> </div> </form> <h2>新增记录</h2> <form action="https://dnsapi.cn/Record.Create" method="POST"> <div> * 腾讯云token <input name="login_token" type="text"> <br> <br>「去控制台创建 https://console.dnspod.cn/account/token/token <br> 比如 ID 为:13490,ToKen为:6b5976c68aba5b14a0558b77c17c3932。<br> 即完整的 Token 为:13490,6b5976c68aba5b14a0558b77c17c3932 。」 <br> <br> </div> <div> 返回类型 <input name="format" type="text" value="json"> 「默认json」<br><br> </div> <div> * 操作域名 <input name="domain" type="text"> 「如 oiox.cn」<br><br> </div> <div> * 记录类型: <select name="record_type" type="text"> <option value="A">A</option> <option value="AAAA">AAAA</option> <option value="SPF">SPF</option> <option value="CAA">CAA</option> <option value="CNAME">CNAME</option> <option value="MX">MX</option> <option value="TXT">TXT</option> </select> <br> <br> </div> <div> * 主机记录 <input name="sub_domain" type="text"> 「如 www 」<br><br> </div> <div> 解析线路: <select name="record_line" type="text"> <option value="默认">默认</option> <option value="联通">联通</option> <option value="移动">移动</option> <option value="电信">电信</option> <option value="铁通">铁通</option> <option value="境内">境内</option> <option value="境外">境外</option> </select> <br> <br> </div> <div> * 记录值 <input name="value" type="text"> <br>「如 IPv6:2620:119:35::35 IPv4:8.8.8.8, CNAME: cname.dnspod.com., MX: mail.dnspod.com. 等等」<br><br> </div> </div> <div> <button type="submit" value="提交">提交</button> </div> </form> <h2>修改记录</h2> <form action="https://dnsapi.cn/Record.Modify" method="POST"> <div> * 腾讯云token <input name="login_token" type="text"> <br> <br>「去控制台创建 https://console.dnspod.cn/account/token/token <br> 比如 ID 为:13490,ToKen为:6b5976c68aba5b14a0558b77c17c3932。<br> 即完整的 Token 为:13490,6b5976c68aba5b14a0558b77c17c3932 。」 <br> <br> </div> <div> 返回类型 <input name="format" type="text" value="json"> 「默认json」<br><br> </div> <div> * 操作域名 <input name="domain" type="text"> 「如 oiox.cn」<br><br> </div> <div> * 记录ID <input name="record_id" type="text"> 「先使用查询功能查询到record_id」<br><br> </div> <div> * 记录类型: <select name="record_type" type="text"> <option value="A">A</option> <option value="AAAA">AAAA</option> <option value="SPF">SPF</option> <option value="CAA">CAA</option> <option value="CNAME">CNAME</option> <option value="MX">MX</option> <option value="TXT">TXT</option> </select> <br> <br> </div> <div> * 主机记录 <input name="sub_domain" type="text"> 「如 www 」<br><br> </div> <div> 解析线路: <select name="record_line" type="text"> <option value="默认">默认</option> <option value="联通">联通</option> <option value="移动">移动</option> <option value="电信">电信</option> <option value="铁通">铁通</option> <option value="境内">境内</option> <option value="境外">境外</option> </select> <br> <br> </div> <div> * 修改记录值 <input name="value" type="text"> <br>「如 IPv6:2620:119:35::35 IPv4:8.8.8.8, CNAME: cname.dnspod.com., MX: mail.dnspod.com. 等等」<br><br> </div> </div> <div> <button type="submit" value="提交">提交</button> </div> </form> <h2>删除记录</h2> <form action="https://dnsapi.cn/Record.Remove" method="POST"> <div> * 腾讯云token <input name="login_token" type="text"> <br> <br>「去控制台创建 https://console.dnspod.cn/account/token/token <br> 比如 ID 为:13490,ToKen为:6b5976c68aba5b14a0558b77c17c3932。<br> 即完整的 Token 为:13490,6b5976c68aba5b14a0558b77c17c3932 。」 <br> <br> </div> <div> 返回类型 <input name="format" type="text" value="json"> 「默认json」<br><br> </div> <div> * 操作域名 <input name="domain" type="text"> 「如 oiox.cn」<br><br> </div> <div> * 记录ID <input name="record_id" type="text"> 「先使用查询功能查询到record_id」<br><br> </div> <div> <button type="submit" value="提交">提交</button> </div> </form> </body> </html> 会返回一个json解析,建议安装FeHelper工具,可以美化json,方便阅读。 https://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://weibo.com/u/5982474121https://blog.csdn.net/qq_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/chen-bu-yun-2https://segmentfault.com/u/hppyvyv6/articleshttps://juejin.cn/user/3315782802482007https://space.bilibili.com/352476552/articlehttps://cloud.tencent.com/developer/column/93230https://www.jianshu.com/u/0f894314ae2chttps://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》 -
kubernetes(k8s)部署 Metrics Server 资源 资源使用指标,例如容器 CPU 和内存使用率,可通过 Metrics API 在 Kubernetes 中获得。这些指标可以直接被用户访问,比如使用 kubectl top 命令行,或者被集群中的控制器 (例如 Horizontal Pod Autoscalers) 使用来做决策。配置api聚合层添加配置api启动service文件 --enable-aggregator-routing=true ps -ef |grep apiserver|grep enable-aggregator-routing root 1147 1 10 10:23 ? 00:30:13 /usr/local/bin/kube-apiserver --v=2 --logtostderr=true --allow-privileged=true --bind-address=0.0.0.0 --secure-port=6443 --insecure-port=0 --advertise-address=192.168.1.30 --service-cluster-ip-range=10.96.0.0/12 --service-node-port-range=30000-32767 --etcd-servers=https://192.168.1.30:2379,https://192.168.1.31:2379,https://192.168.1.32:2379 --etcd-cafile=/etc/etcd/ssl/etcd-ca.pem --etcd-certfile=/etc/etcd/ssl/etcd.pem --etcd-keyfile=/etc/etcd/ssl/etcd-key.pem --client-ca-file=/etc/kubernetes/pki/ca.pem --tls-cert-file=/etc/kubernetes/pki/apiserver.pem --tls-private-key-file=/etc/kubernetes/pki/apiserver-key.pem --kubelet-client-certificate=/etc/kubernetes/pki/apiserver.pem --kubelet-client-key=/etc/kubernetes/pki/apiserver-key.pem --service-account-key-file=/etc/kubernetes/pki/sa.pub --service-account-signing-key-file=/etc/kubernetes/pki/sa.key --service-account-issuer=https://kubernetes.default.svc.cluster.local --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,DefaultStorageClass,DefaultTolerationSeconds,NodeRestriction,ResourceQuota --authorization-mode=Node,RBAC --enable-bootstrap-token-auth=true --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.pem --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.pem --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client-key.pem --requestheader-allowed-names=aggregator --requestheader-group-headers=X-Remote-Group --requestheader-extra-headers-prefix=X-Remote-Extra- --requestheader-username-headers=X-Remote-User --enable-aggregator-routing=true创建应用权限 RBAC 资源文件root@hello:~/cby# cat metrics-rbac.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: system:aggregated-metrics-reader labels: rbac.authorization.k8s.io/aggregate-to-view: "true" rbac.authorization.k8s.io/aggregate-to-edit: "true" rbac.authorization.k8s.io/aggregate-to-admin: "true" rules: - apiGroups: ["metrics.k8s.io"] resources: ["pods", "nodes"] verbs: ["get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: metrics-server:system:auth-delegator roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:auth-delegator subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: metrics-server-auth-reader namespace: kube-system roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: extension-apiserver-authentication-reader subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: system:metrics-server rules: - apiGroups: - "" resources: - pods - nodes - nodes/stats - namespaces verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: system:metrics-server roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:metrics-server subjects: - kind: ServiceAccount name: metrics-server namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: metrics-server namespace: kube-system root@hello:~/cby#创建 APIService 资源文件 设置扩展 API Service 工作于聚合层,允许使用其 API 扩展 Kubernetes apiserver,而这些 API 并不是核心 Kubernetes API 的一部分。这里部署 APIservice 资源,来提供 Kubernetes Metrics 指标 API 数据。root@hello:~/cby# cat metrics-api-service.yaml ## APIService apiVersion: apiregistration.k8s.io/v1 kind: APIService metadata: name: v1beta1.metrics.k8s.io spec: service: name: metrics-server namespace: kube-system port: 443 group: metrics.k8s.io version: v1beta1 insecureSkipTLSVerify: true groupPriorityMinimum: 100 versionPriority: 100 root@hello:~/cby#创建 Metrics Server 应用资源文件root@hello:~/cby# cat metrics-server-deploy.yaml apiVersion: apps/v1 kind: Deployment metadata: name: metrics-server namespace: kube-system labels: k8s-app: metrics-server spec: selector: matchLabels: k8s-app: metrics-server template: metadata: name: metrics-server labels: k8s-app: metrics-server spec: serviceAccountName: metrics-server volumes: # mount in tmp so we can safely use from-scratch images and/or read-only containers - name: tmp-dir emptyDir: {} hostNetwork: true containers: - name: metrics-server image: bitnami/metrics-server # command: # - /metrics-server # - --kubelet-insecure-tls # - --kubelet-preferred-address-types=InternalIP args: - --cert-dir=/tmp - --secure-port=4443 - --kubelet-insecure-tls=true - --kubelet-preferred-address-types=InternalIP,Hostname,InternalDNS,externalDNS ports: - name: main-port containerPort: 4443 protocol: TCP securityContext: readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1000 imagePullPolicy: Always volumeMounts: - name: tmp-dir mountPath: /tmp nodeSelector: beta.kubernetes.io/os: linux --- apiVersion: v1 kind: Service metadata: name: metrics-server namespace: kube-system labels: kubernetes.io/name: "Metrics-server" kubernetes.io/cluster-service: "true" spec: selector: k8s-app: metrics-server ports: - port: 443 protocol: TCP targetPort: 4443 root@hello:~/cby#通过 Kubectl 命令部署root@hello:~/cby# kubectl apply -f metrics-rbac.yaml -n kube-system clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created clusterrole.rbac.authorization.k8s.io/system:metrics-server created clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created serviceaccount/metrics-server created root@hello:~/cby# kubectl apply -f metrics-api-service.yaml -n kube-system apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created root@hello:~/cby# kubectl apply -f metrics-server-deploy.yaml -n kube-system Warning: spec.template.spec.nodeSelector[beta.kubernetes.io/os]: deprecated since v1.14; use "kubernetes.io/os" instead deployment.apps/metrics-server created service/metrics-server created root@hello:~/cby# 验证 root@hello:~/cby# kubectl get pod -A | grep metrics-server kube-system metrics-server-5c69d5d5b7-b6246 1/1 Running 0 2m25s root@hello:~/cby# 查看日志 root@hello:~/cby# kubectl logs -n kube-system metrics-server-5c69d5d5b7-b6246 I0328 07:11:37.676490 1 serving.go:341] Generated self-signed cert (/tmp/apiserver.crt, /tmp/apiserver.key) I0328 07:11:38.148457 1 requestheader_controller.go:169] Starting RequestHeaderAuthRequestController I0328 07:11:38.148472 1 configmap_cafile_content.go:202] Starting client-ca::kube-system::extension-apiserver-authentication::client-ca-file I0328 07:11:38.148507 1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::client-ca-file I0328 07:11:38.148475 1 configmap_cafile_content.go:202] Starting client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file I0328 07:11:38.148550 1 shared_informer.go:240] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file I0328 07:11:38.148490 1 shared_informer.go:240] Waiting for caches to sync for RequestHeaderAuthRequestController I0328 07:11:38.149073 1 dynamic_serving_content.go:130] Starting serving-cert::/tmp/apiserver.crt::/tmp/apiserver.key I0328 07:11:38.149428 1 secure_serving.go:202] Serving securely on [::]:4443 I0328 07:11:38.149535 1 tlsconfig.go:240] Starting DynamicServingCertificateController I0328 07:11:38.248713 1 shared_informer.go:247] Caches are synced for RequestHeaderAuthRequestController I0328 07:11:38.248732 1 shared_informer.go:247] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file I0328 07:11:38.248754 1 shared_informer.go:247] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::client-ca-file root@hello:~/cby# 查看node资源信息 root@hello:~/cby# kubectl top node NAME CPU(cores) CPU% MEMORY(bytes) MEMORY% 192.168.1.50 184m 2% 4354Mi 56% 192.168.1.51 207m 2% 3892Mi 50% 192.168.1.52 197m 2% 3881Mi 50% 192.168.1.53 185m 2% 3528Mi 46% 192.168.1.54 109m 1% 3427Mi 44% root@hello:~/cby# 查看pod资源信息 root@hello:~/cby# kubectl top pod -n kube-system NAME CPU(cores) MEMORY(bytes) calico-kube-controllers-754966f84c-jm7f7 5m 25Mi calico-node-9tvck 43m 69Mi calico-node-kt2pk 41m 68Mi calico-node-skm82 45m 70Mi calico-node-t4lhb 44m 65Mi calico-node-tz5k9 45m 66Mi coredns-596755dbff-7ggzl 3m 15Mi dashboard-metrics-scraper-799d786dbf-s6r5f 1m 7Mi kubernetes-dashboard-9f8c8b989-57fhz 1m 13Mi metrics-server-5c69d5d5b7-b6246 4m 16Mi node-local-dns-4hzvh 5m 17Mi node-local-dns-6zpdh 3m 17Mi node-local-dns-9jmzz 5m 16Mi node-local-dns-q8pcw 5m 17Mi node-local-dns-tpm6b 5m 29Mi root@hello:~/cby# 查看单个pod资源信息 root@hello:~/cby# kubectl top pod -n kube-system metrics-server-5c69d5d5b7-b6246 NAME CPU(cores) MEMORY(bytes) metrics-server-5c69d5d5b7-b6246 4m 13Mi root@hello:~/cby# https://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://weibo.com/u/5982474121https://blog.csdn.net/qq_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/chen-bu-yun-2https://segmentfault.com/u/hppyvyv6/articleshttps://juejin.cn/user/3315782802482007https://space.bilibili.com/352476552/articlehttps://cloud.tencent.com/developer/column/93230https://www.jianshu.com/u/0f894314ae2chttps://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》
-
利用NGINX搭建部署直播流媒体服务器 直播如今是一个老生常谈的问题,怎么用于直播,大多数人只晓得,大佬某平台直播软件,点击开始即可直播。那么如何来搭建一个简易的直播平台呢?仅仅是有直播功能,没有涉及转码以及播放软件。安装nginx以及rtmp模块 root@cby:~# apt install nginx root@cby:~# apt install libnginx-mod-rtmp 修改配置以支持rtmp root@cby:~# vim /etc/nginx/nginx.conf rtmp { server { listen 1935; chunk_size 4096; application live { live on; } } } 检查是否有报错 root@cby:~# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful root@cby:~# 重启nginx root@cby:~# systemctl restart nginx 使用obs直播工具进行推流操作 rtmp://<你的域名或者IP>:1935/live使用vlc拉流播放查看效果https://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://weibo.com/u/5982474121https://blog.csdn.net/qq_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/chen-bu-yun-2https://segmentfault.com/u/hppyvyv6/articleshttps://juejin.cn/user/3315782802482007https://space.bilibili.com/352476552/articlehttps://cloud.tencent.com/developer/column/93230https://www.jianshu.com/u/0f894314ae2chttps://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》
-
Containerd 入门基础操作 Containerd 被 Docker、Kubernetes CRI 和其他一些项目使用Containerd 旨在轻松嵌入到更大的系统中。Docker 在后台使用 containerd来运行容器。Kubernetes 可以通过 CRI 使用 containerd来管理单个节点上的容器。生成默认配置root@hello:~# containerd config default > /etc/containerd/config.toml root@hello:~# vim /etc/containerd/config.toml root@hello:~# cat /etc/containerd/config.toml version = 2 root = "/var/lib/containerd" state = "/run/containerd" plugin_dir = "" disabled_plugins = [] required_plugins = [] oom_score = 0 [grpc] address = "/run/containerd/containerd.sock" tcp_address = "" tcp_tls_cert = "" tcp_tls_key = "" uid = 0 gid = 0 max_recv_message_size = 16777216 max_send_message_size = 16777216 [ttrpc] address = "" uid = 0 gid = 0 [debug] address = "" uid = 0 gid = 0 level = "" [metrics] address = "" grpc_histogram = false [cgroup] path = "" [timeouts] "io.containerd.timeout.shim.cleanup" = "5s" "io.containerd.timeout.shim.load" = "5s" "io.containerd.timeout.shim.shutdown" = "3s" "io.containerd.timeout.task.state" = "2s" [plugins] [plugins."io.containerd.gc.v1.scheduler"] pause_threshold = 0.02 deletion_threshold = 0 mutation_threshold = 100 schedule_delay = "0s" startup_delay = "100ms" [plugins."io.containerd.grpc.v1.cri"] disable_tcp_service = true stream_server_address = "127.0.0.1" stream_server_port = "0" stream_idle_timeout = "4h0m0s" enable_selinux = false selinux_category_range = 1024 sandbox_image = "k8s.gcr.io/pause:3.2" stats_collect_period = 10 systemd_cgroup = false enable_tls_streaming = false max_container_log_line_size = 16384 disable_cgroup = false disable_apparmor = false restrict_oom_score_adj = false max_concurrent_downloads = 3 disable_proc_mount = false unset_seccomp_profile = "" tolerate_missing_hugetlb_controller = true disable_hugetlb_controller = true ignore_image_defined_volumes = false [plugins."io.containerd.grpc.v1.cri".containerd] snapshotter = "overlayfs" default_runtime_name = "runc" no_pivot = false disable_snapshot_annotations = true discard_unpacked_layers = false [plugins."io.containerd.grpc.v1.cri".containerd.default_runtime] runtime_type = "" runtime_engine = "" runtime_root = "" privileged_without_host_devices = false base_runtime_spec = "" [plugins."io.containerd.grpc.v1.cri".containerd.untrusted_workload_runtime] runtime_type = "" runtime_engine = "" runtime_root = "" privileged_without_host_devices = false base_runtime_spec = "" [plugins."io.containerd.grpc.v1.cri".containerd.runtimes] [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] runtime_type = "io.containerd.runc.v2" runtime_engine = "" runtime_root = "" privileged_without_host_devices = false base_runtime_spec = "" [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options] [plugins."io.containerd.grpc.v1.cri".cni] bin_dir = "/opt/cni/bin" conf_dir = "/etc/cni/net.d" max_conf_num = 1 conf_template = "" [plugins."io.containerd.grpc.v1.cri".registry] [plugins."io.containerd.grpc.v1.cri".registry.mirrors] [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] endpoint = ["https://registry-1.docker.io"] [plugins."io.containerd.grpc.v1.cri".image_decryption] key_model = "" [plugins."io.containerd.grpc.v1.cri".x509_key_pair_streaming] tls_cert_file = "" tls_key_file = "" [plugins."io.containerd.internal.v1.opt"] path = "/opt/containerd" [plugins."io.containerd.internal.v1.restart"] interval = "10s" [plugins."io.containerd.metadata.v1.bolt"] content_sharing_policy = "shared" [plugins."io.containerd.monitor.v1.cgroups"] no_prometheus = false [plugins."io.containerd.runtime.v1.linux"] shim = "containerd-shim" runtime = "runc" runtime_root = "" no_shim = false shim_debug = false [plugins."io.containerd.runtime.v2.task"] platforms = ["linux/amd64"] [plugins."io.containerd.service.v1.diff-service"] default = ["walking"] [plugins."io.containerd.snapshotter.v1.devmapper"] root_path = "" pool_name = "" base_image_size = "" async_remove = false root@hello:~# 配置镜像加速器 [plugins."io.containerd.grpc.v1.cri".registry] [plugins."io.containerd.grpc.v1.cri".registry.mirrors] [plugins."io.containerd.grpc.v1.cri".registry.mirrors."docker.io"] endpoint = ["https://ted9wxpi.mirror.aliyuncs.com"]ctr 相当于核心组件,通过加载插件的方式来支持各种操作。使用 ctr plugins ls 来查看当前加载的插件和支持的操作。[root@k8s-master01 ~]# ctr plugins ls TYPE ID PLATFORMS STATUS io.containerd.content.v1 content - ok io.containerd.snapshotter.v1 aufs linux/amd64 error io.containerd.snapshotter.v1 devmapper linux/amd64 error io.containerd.snapshotter.v1 native linux/amd64 ok io.containerd.snapshotter.v1 overlayfs linux/amd64 ok io.containerd.snapshotter.v1 zfs linux/amd64 error io.containerd.metadata.v1 bolt - ok io.containerd.differ.v1 walking linux/amd64 ok io.containerd.gc.v1 scheduler - ok io.containerd.service.v1 introspection-service - ok io.containerd.service.v1 containers-service - ok io.containerd.service.v1 content-service - ok io.containerd.service.v1 diff-service - ok io.containerd.service.v1 images-service - ok io.containerd.service.v1 leases-service - ok io.containerd.service.v1 namespaces-service - ok io.containerd.service.v1 snapshots-service - ok io.containerd.runtime.v1 linux linux/amd64 ok io.containerd.runtime.v2 task linux/amd64 ok io.containerd.monitor.v1 cgroups linux/amd64 ok io.containerd.service.v1 tasks-service - ok io.containerd.internal.v1 restart - ok io.containerd.grpc.v1 containers - ok io.containerd.grpc.v1 content - ok io.containerd.grpc.v1 diff - ok io.containerd.grpc.v1 events - ok io.containerd.grpc.v1 healthcheck - ok io.containerd.grpc.v1 images - ok io.containerd.grpc.v1 leases - ok io.containerd.grpc.v1 namespaces - ok io.containerd.internal.v1 opt - ok io.containerd.grpc.v1 snapshots - ok io.containerd.grpc.v1 tasks - ok io.containerd.grpc.v1 version - ok io.containerd.grpc.v1 cri linux/amd64 ok [root@k8s-master01 ~]#ctr plugins ls 命令会展示三列 ,第二列 ID 就是对应的命令。例如 plugins 的 id 为 content 可使用 ctr content --help 来查看帮助,以及其他命令来执行操作。[root@k8s-master01 ~]# ctr content --help NAME: ctr content - manage content USAGE: ctr content [global options] command [command options] [arguments...] VERSION: 1.4.13 COMMANDS: active display active transfers delete, del, remove, rm permanently delete one or more blobs edit edit a blob and return a new digest fetch fetch all content for an image into containerd fetch-object retrieve objects from a remote get get the data for an object ingest accept content into the store list, ls list all blobs in the store push-object push an object to a remote label add labels to content GLOBAL OPTIONS: --help, -h show help [root@k8s-master01 ~]# 查看有哪些命名空间[root@k8s-master01 ~]# ctr namespace ls NAME LABELS default k8s.io [root@k8s-master01 ~]# 查看 k8s.io 空间下的镜像有哪些[root@k8s-master01 ~]# ctr -n k8s.io images ls REF TYPE DIGEST SIZE PLATFORMS LABELS k8s.gcr.io/ingress-nginx/kube-webhook-certgen@sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 application/vnd.docker.distribution.manifest.list.v2+json sha256:64d8c73dca984af206adf9d6d7e46aa550362b1d7a01f3a0a91b20cc67868660 18.0 MiB linux/amd64,linux/arm/v7,linux/arm64,linux/s390x接下来 从 容器的 生命周期流程 来说明 ctr 命令的使用。ctr images ls 查看镜像[root@k8s-master01 ~]# ctr images ls REF TYPE DIGEST SIZE PLATFORMS LABELS docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x - [root@k8s-master01 ~]#ctr images pull 拉取镜像 [root@k8s-master01 ~]# ctr images pull docker.io/library/nginx:alpine docker.io/library/nginx:alpine: resolved |++++++++++++++++++++++++++++++++++++++| index-sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a: done |++++++++++++++++++++++++++++++++++++++| manifest-sha256:1e3458b8841319dec826a9a63b66f98c0bb260d50454dcdbdfe414eed362a3c4: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:9a9d990f68b82fceea08b4b08a0549e3de8ba7840ac721e0b8cc4d2d27e33ccf: done |++++++++++++++++++++++++++++++++++++++| config-sha256:7d73f57a7cf733ff46e22c3d60cb237f7b29e8e7ec6753922f2daa7f5af5d186: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:6c53e58c6af6338b6ea1ddeb46b638a719e4afdd2cffb5cf80362af3e61099d1: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:bda3fba8f6c468c5b9f60cec056498ebdedf711410c8864f956f0b8d3408428c: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:e07cc103cea6f44382a40ffe1f7d893781521aa2723765c069f23480e674dd0c: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:3d243047344378e9b7136d552d48feb7ea8b6fe14ce0990e0cc011d5e369626a: done |++++++++++++++++++++++++++++++++++++++| layer-sha256:4ba4f346920eaf3fd54877cf123ac46a7bbea16f23d4b0bdc210988ebe7969f0: done |++++++++++++++++++++++++++++++++++++++| elapsed: 14.8s total: 9.7 Mi (671.0 KiB/s) unpacking linux/amd64 sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a... done [root@k8s-master01 ~]# 只有通过 crictl 或者 Kubernetes 调用时 mirror 才会生效,通过 ctr 拉取是不会生效的。ctr images rm 删除镜像[root@k8s-master01 ~]# ctr images rm docker.io/library/nginx:alpine docker.io/library/nginx:alpine [root@k8s-master01 ~]# [root@k8s-master01 ~]# ctr images ls REF TYPE DIGEST SIZE PLATFORMS LABELS [root@k8s-master01 ~]# ctr images mount 挂载[root@k8s-master01 ~]# ctr images ls REF TYPE DIGEST SIZE PLATFORMS LABELS docker.io/library/nginx:alpine application/vnd.docker.distribution.manifest.list.v2+json sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a 9.7 MiB linux/386,linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8,linux/ppc64le,linux/s390x - [root@k8s-master01 ~]# ctr images mount docker.io/library/nginx:alpine /cby sha256:7a7cbbee0f17b403a980a36ae708bbd9ee428511a7219da36c50ce7e33662d43 /cby [root@k8s-master01 ~]# [root@k8s-master01 ~]# ls /cby/ bin docker-entrypoint.d etc lib mnt proc run srv tmp var dev docker-entrypoint.sh home media opt root sbin sys usr [root@k8s-master01 ~]# ctr images unmount 卸载[root@k8s-master01 ~]# ctr images unmount /cby /cby [root@k8s-master01 ~]#ctr images export 导出镜像root@hello:~# ctr images export nginx.tar docker.io/library/nginx:alpine root@hello:~# root@hello:~# ls nginx.tar nginx.tar root@hello:~# ctr images import 导入镜像root@hello:~# ctr images import nginx.tar unpacking docker.io/library/nginx:alpine (sha256:77cc350019d0188d3115084265483dcefdd8489ccf719ff4e4c956b48de8ff6a)...done root@hello:~# ctr中 containers 是镜像实例化的一个虚拟环境,提供一个磁盘,模拟空间,就好比你电脑处于关机状态一样。ctr中 tasks 是将容器运行起来,电脑开机了 ,初始化进程等 ,task就是的这么个形式。ctr containers ls 查看容器root@hello:~# ctr containers ls CONTAINER IMAGE RUNTIME nginx docker.io/library/nginx:alpine io.containerd.runc.v2 root@hello:~# ctr containers create 创建容器root@hello:~# ctr containers create docker.io/library/nginx:alpine nginx root@hello:~# ctr containers rm 删除容器root@hello:~# ctr containers rm nginx root@hello:~# ctr containers ls CONTAINER IMAGE RUNTIME root@hello:~# ctr containers info 查看详细信息root@hello:~# ctr containers info nginx { "ID": "nginx", "Labels": { "io.containerd.image.config.stop-signal": "SIGQUIT" }, "Image": "docker.io/library/nginx:alpine", "Runtime": { "Name": "io.containerd.runc.v2", "Options": { "type_url": "containerd.runc.v1.Options" } }, "SnapshotKey": "nginx", "Snapshotter": "overlayfs", "CreatedAt": "2022-03-21T08:51:45.127872097Z", "UpdatedAt": "2022-03-21T08:51:45.127872097Z", "Extensions": null, "Spec": { ---略---create 的命令创建了容器后,并没有处于运行状态,只是一个静态的容器。一个 container 对象只是包含了运行一个容器所需的资源及配置的数据结构,这意味着 namespaces、rootfs 和容器的配置都已经初始化成功了,只是用户进程(这里是 nginx)还没有启动。ctr tasks start -d 在后台运行容器root@hello:~# ctr tasks start -d nginx root@hello:~# ctr tasks ls TASK PID STATUS nginx 118454 RUNNING root@hello:~# ctr task exec 进入容器,id随便写就行,需要将其唯一root@hello:~# ctr task exec --exec-id 1 -t nginx sh / # ctr task pause 暂停容器root@hello:~# ctr task pause nginx root@hello:~# ctr task ls TASK PID STATUS nginx 118454 PAUSED root@hello:~#ctr task resume 恢复容器root@hello:~# ctr task resume nginx root@hello:~# ctr task ls TASK PID STATUS nginx 118454 RUNNING root@hello:~# ctr task kill 杀死容器root@hello:~# ctr task kill nginx root@hello:~# ctr task ls TASK PID STATUS nginx 118454 STOPPED root@hello:~# ctr task metrics获取容器信息root@hello:~# ctr task metrics nginx ID TIMESTAMP nginx 2022-03-21 09:05:49.949321537 +0000 UTC METRIC VALUE memory.usage_in_bytes 3821568 memory.limit_in_bytes 9223372036854771712 memory.stat.cache 135168 cpuacct.usage 176641571 cpuacct.usage_percpu [24856408 21740008 12150472 37947198 31775746 28169704 7366623 12635412] pids.current 0 pids.limit 0 root@hello:~# ctr tasks rm 删除容器root@hello:~# ctr tasks rm nginx root@hello:~# ctr tasks ls TASK PID STATUS root@hello:~#https://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://weibo.com/u/5982474121https://blog.csdn.net/qq_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/chen-bu-yun-2https://segmentfault.com/u/hppyvyv6/articleshttps://juejin.cn/user/3315782802482007https://space.bilibili.com/352476552/articlehttps://cloud.tencent.com/developer/column/93230https://www.jianshu.com/u/0f894314ae2chttps://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》
-
Kubernetes 各个组件 启动参数介绍 kube-controller-managerKubernetes 控制器管理器是一个守护进程,内嵌随 Kubernetes 一起发布的核心控制回路。在机器人和自动化的应用中,控制回路是一个永不休止的循环,用于调节系统状态。在 Kubernetes 中,每个控制器是一个控制回路,通过 API 服务器监视集群的共享状态, 并尝试进行更改以将当前状态转为期望状态。目前,Kubernetes 自带的控制器例子包括副本控制器、节点控制器、命名空间控制器和服务账号控制器等。cat > /usr/lib/systemd/system/kube-controller-manager.service << EOF [Unit] Description=Kubernetes Controller Manager Documentation=https://github.com/kubernetes/kubernetes After=network.target [Service] ExecStart=/usr/local/bin/kube-controller-manager \ --v=2 \ --logtostderr=true \ --address=127.0.0.1 \ --root-ca-file=/etc/kubernetes/pki/ca.pem \ --cluster-signing-cert-file=/etc/kubernetes/pki/ca.pem \ --cluster-signing-key-file=/etc/kubernetes/pki/ca-key.pem \ --service-account-private-key-file=/etc/kubernetes/pki/sa.key \ --kubeconfig=/etc/kubernetes/controller-manager.kubeconfig \ --leader-elect=true \ --use-service-account-credentials=true \ --node-monitor-grace-period=40s \ --node-monitor-period=5s \ --pod-eviction-timeout=2m0s \ --controllers=*,bootstrapsigner,tokencleaner \ --allocate-node-cidrs=true \ --cluster-cidr=172.16.0.0/12 \ --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.pem \ --node-cidr-mask-size=24 Restart=always RestartSec=10s [Install] WantedBy=multi-user.target EOF -v, --v int 日志级别详细程度取值。 --logtostderr 默认值:true 将日志写出到标准错误输出(stderr)而不是写入到日志文件。 --root-ca-file string 如果此标志非空,则在服务账号的令牌 Secret 中会包含此根证书机构。所指定标志值必须是一个合法的 PEM 编码的 CA 证书包。 --cluster-signing-cert-file string 包含 PEM 编码格式的 X509 CA 证书的文件名。该证书用来发放集群范围的证书。如果设置了此标志,则不能指定更具体的--cluster-signing-* 标志。 --cluster-signing-key-file string 包含 PEM 编码的 RSA 或 ECDSA 私钥的文件名。该私钥用来对集群范围证书签名。若指定了此选项,则不可再设置 --cluster-signing-* 参数。 --kubeconfig string 指向 kubeconfig 文件的路径。该文件中包含主控节点位置以及鉴权凭据信息。 --leader-elect 默认值:true 在执行主循环之前,启动领导选举(Leader Election)客户端,并尝试获得领导者身份。在运行多副本组件时启用此标志有助于提高可用性。 --use-service-account-credentials 当此标志为 true 时,为每个控制器单独使用服务账号凭据。 --node-monitor-grace-period duration 默认值:40s 在将一个 Node 标记为不健康之前允许其无响应的时长上限。必须比 kubelet 的 nodeStatusUpdateFrequency 大 N 倍;这里 N 指的是 kubelet 发送节点状态的重试次数。 --node-monitor-period duration 默认值:5s 节点控制器对节点状态进行同步的重复周期。 --pod-eviction-timeout duration 默认值:5m0s 在失效的节点上删除 Pods 时为其预留的宽限期。 --controllers strings 默认值:[*] 要启用的控制器列表。\* 表示启用所有默认启用的控制器;foo 启用名为 foo 的控制器;-foo 表示禁用名为 foo 的控制器。 控制器的全集:attachdetach、bootstrapsigner、cloud-node-lifecycle、clusterrole-aggregation、cronjob、csrapproving、csrcleaner、csrsigning、daemonset、deployment、disruption、endpoint、endpointslice、endpointslicemirroring、ephemeral-volume、garbagecollector、horizontalpodautoscaling、job、namespace、nodeipam、nodelifecycle、persistentvolume-binder、persistentvolume-expander、podgc、pv-protection、pvc-protection、replicaset、replicationcontroller、resourcequota、root-ca-cert-publisher、route、service、serviceaccount、serviceaccount-token、statefulset、tokencleaner、ttl、ttl-after-finished 默认禁用的控制器有:bootstrapsigner 和 tokencleaner。 --allocate-node-cidrs 基于云驱动来为 Pod 分配和设置子网掩码。 --requestheader-client-ca-file string 根证书包文件名。在信任通过 --requestheader-username-headers 所指定的任何用户名之前,要使用这里的证书来检查请求中的客户证书。警告:一般不要依赖对请求所作的鉴权结果。 --node-cidr-mask-size int32 集群中节点 CIDR 的掩码长度。对 IPv4 而言默认为 24;对 IPv6 而言默认为 64。 --node-cidr-mask-size-ipv4 int32 在双堆栈(同时支持 IPv4 和 IPv6)的集群中,节点 IPV4 CIDR 掩码长度。默认为 24。 --node-cidr-mask-size-ipv6 int32 在双堆栈(同时支持 IPv4 和 IPv6)的集群中,节点 IPv6 CIDR 掩码长度。默认为 64。kube-schedulerKubernetes 调度器是一个控制面进程,负责将 Pods 指派到节点上。调度器基于约束和可用资源为调度队列中每个 Pod 确定其可合法放置的节点。调度器之后对所有合法的节点进行排序,将 Pod 绑定到一个合适的节点。在同一个集群中可以使用多个不同的调度器;kube-scheduler 是其参考实现。参阅调度 以获得关于调度和 kube-scheduler 组件的更多信息。cat > /usr/lib/systemd/system/kube-scheduler.service << EOF [Unit] Description=Kubernetes Scheduler Documentation=https://github.com/kubernetes/kubernetes After=network.target [Service] ExecStart=/usr/local/bin/kube-scheduler \ --v=2 \ --logtostderr=true \ --address=127.0.0.1 \ --leader-elect=true \ --kubeconfig=/etc/kubernetes/scheduler.kubeconfig Restart=always RestartSec=10s [Install] WantedBy=multi-user.target --logtostderr 默认值:true 日志记录到标准错误输出而不是文件。 --leader-elect 默认值:true 在执行主循环之前,开始领导者选举并选出领导者。使用多副本来实现高可用性时,可启用此标志。 --kubeconfig string 已弃用: 包含鉴权和主节点位置信息的 kubeconfig 文件的路径。如果 --config 指定了一个配置文件,那么这个参数将被忽略。kubeletkubelet 是在每个 Node 节点上运行的主要 “节点代理”。它可以使用以下之一向 apiserver 注册:主机名(hostname);覆盖主机名的参数;某云驱动的特定逻辑。kubelet 是基于 PodSpec 来工作的。每个 PodSpec 是一个描述 Pod 的 YAML 或 JSON 对象。kubelet 接受通过各种机制(主要是通过 apiserver)提供的一组 PodSpec,并确保这些 PodSpec 中描述的容器处于运行状态且运行状况良好。kubelet 不管理不是由 Kubernetes 创建的容器。除了来自 apiserver 的 PodSpec 之外,还可以通过以下三种方式将容器清单(manifest)提供给 kubelet。文件(File):利用命令行参数传递路径。kubelet 周期性地监视此路径下的文件是否有更新。监视周期默认为 20s,且可通过参数进行配置。HTTP 端点(HTTP endpoint):利用命令行参数指定 HTTP 端点。此端点的监视周期默认为 20 秒,也可以使用参数进行配置。HTTP 服务器(HTTP server):kubelet 还可以侦听 HTTP 并响应简单的 API (目前没有完整规范)来提交新的清单。cat > /etc/systemd/system/kubelet.service.d/10-kubelet.conf << EOF [Service] Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.kubeconfig --kubeconfig=/etc/kubernetes/kubelet.kubeconfig" Environment="KUBELET_SYSTEM_ARGS=--network-plugin=cni --cni-conf-dir=/etc/cni/net.d --cni-bin-dir=/opt/cni/bin --container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock --cgroup-driver=systemd" Environment="KUBELET_CONFIG_ARGS=--config=/etc/kubernetes/kubelet-conf.yml" Environment="KUBELET_EXTRA_ARGS=--node-labels=node.kubernetes.io/node='' " ExecStart= ExecStart=/usr/local/bin/kubelet \$KUBELET_KUBECONFIG_ARGS \$KUBELET_CONFIG_ARGS \$KUBELET_SYSTEM_ARGS \$KUBELET_EXTRA_ARGS EOF --bootstrap-kubeconfig string 某 kubeconfig 文件的路径,该文件将用于获取 kubelet 的客户端证书。如果 --kubeconfig 所指定的文件不存在,则使用引导所用 kubeconfig 从 API 服务器请求客户端证书。成功后,将引用生成的客户端证书和密钥的 kubeconfig 写入 --kubeconfig 所指定的路径。客户端证书和密钥文件将存储在 --cert-dir 所指的目录。 --kubeconfig string kubeconfig 配置文件的路径,指定如何连接到 API 服务器。提供 --kubeconfig 将启用 API 服务器模式,而省略 --kubeconfig 将启用独立模式。 --network-plugin string <警告:alpha 特性> 设置 kubelet/Pod 生命周期中各种事件调用的网络插件的名称。仅当容器运行环境设置为 docker 时,此特定于 docker 的参数才有效。 --cni-conf-dir string 默认值:/etc/cni/net.d <警告:alpha 特性> 此值为某目录的全路径名。kubelet 将在其中搜索 CNI 配置文件。仅当容器运行环境设置为 docker 时,此特定于 docker 的参数才有效。 --cni-bin-dir string 默认值:/opt/cni/bin <警告:alpha 特性> 此值为以逗号分隔的完整路径列表。kubelet 将在所指定路径中搜索 CNI 插件的可执行文件。仅当容器运行环境设置为 docker 时,此特定于 docker 的参数才有效。 --container-runtime string 默认值:docker 要使用的容器运行时。目前支持 docker、remote。 --runtime-request-timeout duration 默认值:2m0s 设置除了长时间运行的请求(包括 pull、logs、exec 和 attach 等操作)之外的其他运行时请求的超时时间。到达超时时间时,请求会被取消,抛出一个错误并会等待重试。已弃用:应在 --config 所给的配置文件中进行设置。 --container-runtime-endpoint string 默认值:unix:///var/run/dockershim.sock [实验性特性] 远程运行时服务的端点。目前支持 Linux 系统上的 UNIX 套接字和 Windows 系统上的 npipe 和 TCP 端点。例如:unix:///var/run/dockershim.sock、 npipe:////./pipe/dockershim。 --cgroup-driver string 默认值:cgroupfs kubelet 用来操作本机 cgroup 时使用的驱动程序。支持的选项包括 cgroupfs 和 systemd。已弃用:应在 --config 所给的配置文件中进行设置。kube-proxyKubernetes 网络代理在每个节点上运行。网络代理反映了每个节点上 Kubernetes API 中定义的服务,并且可以执行简单的 TCP、UDP 和 SCTP 流转发,或者在一组后端进行 循环 TCP、UDP 和 SCTP 转发。当前可通过 Docker-links-compatible 环境变量找到服务集群 IP 和端口, 这些环境变量指定了服务代理打开的端口。有一个可选的插件,可以为这些集群 IP 提供集群 DNS。用户必须使用 apiserver API 创建服务才能配置代理。cat > /usr/lib/systemd/system/kube-proxy.service << EOF [Unit] Description=Kubernetes Kube Proxy Documentation=https://github.com/kubernetes/kubernetes After=network.target [Service] ExecStart=/usr/local/bin/kube-proxy \ --config=/etc/kubernetes/kube-proxy.yaml \ --v=2 Restart=always RestartSec=10s [Install] WantedBy=multi-user.target EOF --config string 配置文件的路径。https://www.oiox.cn/https://www.chenby.cn/https://cby-chen.github.io/https://weibo.com/u/5982474121https://blog.csdn.net/qq_33921750https://my.oschina.net/u/3981543https://www.zhihu.com/people/chen-bu-yun-2https://segmentfault.com/u/hppyvyv6/articleshttps://juejin.cn/user/3315782802482007https://space.bilibili.com/352476552/articlehttps://cloud.tencent.com/developer/column/93230https://www.jianshu.com/u/0f894314ae2chttps://www.toutiao.com/c/user/token/MS4wLjABAAAAeqOrhjsoRZSj7iBJbjLJyMwYT5D0mLOgCoo4pEmpr4A/CSDN、GitHub、知乎、开源中国、思否、掘金、简书、腾讯云、哔哩哔哩、今日头条、新浪微博、个人博客、全网可搜《小陈运维》