K8S污点容忍案例

# Host preparation on the new worker (lecode-pre74) before it joins the cluster.
# `setenforce 0` switches a running SELinux to permissive; the output shows
# SELinux was already disabled on this host, so the command changes nothing here.
# NOTE(review): the sed rewrites SELINUX=enforcing to SELINUX=disabled in the
# persistent config. That removes SELinux confinement of container processes on
# the node. The kubeadm install guide only asks for permissive mode, and
# SELINUX=permissive keeps denials logged and makes a later return to enforcing
# practical. The sed matches only the exact string "SELINUX=enforcing", so it is
# presumably a no-op on a host that already reports "disabled" - confirm with
# `grep ^SELINUX= /etc/selinux/config`.
[root@lecode-pre74 ~]# setenforce 0
setenforce: SELinux is disabled
[root@lecode-pre74 ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# The Swap row below is 0B: no swap is configured. Presumably checked because the
# kubelet refuses to start with swap enabled by default - confirm for this version.
[root@lecode-pre74 ~]# free -h
              total        used        free      shared  buff/cache   available
Mem:            30G        392M         30G        8.6M        205M         30G
Swap:            0B          0B          0B
# Register br_netfilter for loading at boot (modules-load.d) and enable the
# bridge-nf-call sysctls so traffic crossing Linux bridges is handed to
# iptables/ip6tables, where the cluster's packet-filtering rules live.
# NOTE(review): modules-load.d is only read at boot and the session shows no
# `modprobe br_netfilter`; presumably the module was already loaded, otherwise
# the two sysctl keys would not exist yet - check with `lsmod | grep br_netfilter`.
[root@lecode-pre74 ~]# cat <<EOF | tee /etc/modules-load.d/k8s.conf
> br_netfilter
> EOF
br_netfilter
[root@lecode-pre74 ~]# cat <<EOF | tee /etc/sysctl.d/k8s.conf
> net.bridge.bridge-nf-call-ip6tables = 1
> net.bridge.bridge-nf-call-iptables = 1
> EOF
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
# Re-applies every sysctl configuration file; its output is not recorded here, so
# verify the result with `sysctl net.bridge.bridge-nf-call-iptables`.
[root@lecode-pre74 ~]# sysctl --system
# Package sources and the Docker engine.
# NOTE(review): the CentOS base repo file is fetched over plain http and written
# straight into /etc/yum.repos.d as root. Whoever controls the network path can
# change which repositories and signing keys yum will trust. Prefer an https://
# URL for the mirror and read the file before running yum.
[root@lecode-pre74 ~]# curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
# docker-ce.repo is fetched over https, then every occurrence of
# download.docker.com is rewritten to the Tsinghua mirror.
# NOTE(review): the substitution is not limited to baseurl lines, so any gpgkey=
# URL in the file would now point at the mirror too (file contents are not shown -
# confirm with `grep -i gpg /etc/yum.repos.d/docker-ce.repo`). If so, the mirror
# supplies both the packages and the key that vouches for them.
[root@lecode-pre74 ~]# curl -o /etc/yum.repos.d/docker-ce.repo https://download.docker.com/linux/centos/docker-ce.repo
[root@lecode-pre74 ~]# sed -i 's+download.docker.com+mirrors.tuna.tsinghua.edu.cn/docker-ce+' /etc/yum.repos.d/docker-ce.repo
# Docker is pinned to 20.10.18. -y answers every prompt automatically, which
# includes the prompt to import a repository signing key.
[root@lecode-pre74 ~]# yum -y install epel-release docker-ce-20.10.18
[root@lecode-pre74 ~]# mkdir -p /etc/docker
# daemon.json is edited interactively; its contents are not recorded on this page.
[root@lecode-pre74 ~]# vim /etc/docker/daemon.json
[root@lecode-pre74 ~]# systemctl enable --now docker && systemctl status docker
# Kubernetes yum repository (Aliyun mirror) and pinned kubeadm/kubelet/kubectl 1.20.9.
# NOTE(review): gpgcheck=0 and repo_gpgcheck=0 switch off both package-signature
# and repository-metadata verification. The packages installed from this repo run
# as root on the node, so their integrity then rests on the mirror and the TLS
# connection alone. Set gpgcheck=1 and add a gpgkey= line pointing at the signing
# key published for this repository (for example
# gpgkey=<URL of the mirror's package signing key>).
[root@lecode-pre74 ~]# cat  > /etc/yum.repos.d/kubernetes.repo <<EOF
> [kubernetes]
> name=Kubernetes
> baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
> enabled=1
> gpgcheck=0
> repo_gpgcheck=0
> EOF
# Versions are pinned to 1.20.9, the version the existing nodes report in the
# `kubectl get no` output further down.
[root@lecode-pre74 ~]# yum -y install  kubeadm-1.20.9  kubelet-1.20.9  kubectl-1.20.9
Complete!

[root@lecode-pre74 ~]# systemctl enable --now kubelet && systemctl status kubelet


# On the master node, print the command a new node uses to join
# NOTE(review): the printed command contains a bootstrap token, which is a
# credential. Until it expires (kubeadm's default TTL is 24h) it can be used to
# register a node by anyone who can reach the API server at 172.17.1.55:6443.
# Keep real tokens out of tickets, chat and published notes. Issue them with a
# short `--ttl`, check what is still valid with `kubeadm token list`, and remove
# a token with `kubeadm token delete <token>` once the node has joined.
# The sha256 value is a hash of the cluster CA public key, not a secret. It lets
# the joining node verify the control plane, so keep it in the join command.
[root@lecode-pre55 ~]# kubeadm token create --print-join-command
kubeadm join 172.17.1.55:6443 --token 75t3w8.qldcspscavh916h6     --discovery-token-ca-cert-hash sha256:6e936ed6fac759c490345cde62f35c42a7ed4337a9881a133fe74cef3991f1cf 

# Run on the new node
# The token authenticates this node for the bootstrap step. The CA cert hash lets
# the node check it is talking to the intended control plane before trusting it.
# Preflight warnings in the output: Docker 20.10.18 is newer than the latest
# version this kubeadm release validated (19.03), and the hostname lecode-pre74
# does not resolve through the configured resolver (100.125.1.250). Both are
# warnings only; the join completes.
[root@lecode-pre74 ~]# kubeadm join 172.17.1.55:6443 --token 75t3w8.qldcspscavh916h6     --discovery-token-ca-cert-hash sha256:6e936ed6fac759c490345cde62f35c42a7ed4337a9881a133fe74cef3991f1cf
[preflight] Running pre-flight checks
	[WARNING SystemVerification]: this Docker version is not on the list of validated versions: 20.10.18. Latest validated version: 19.03
	[WARNING Hostname]: hostname "lecode-pre74" could not be reached
	[WARNING Hostname]: hostname "lecode-pre74": lookup lecode-pre74 on 100.125.1.250:53: no such host
[preflight] Reading configuration from the cluster...
[preflight] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[kubelet-start] Writing kubelet configuration to file "/var/lib/kubelet/config.yaml"
[kubelet-start] Writing kubelet environment file with flags to file "/var/lib/kubelet/kubeadm-flags.env"
[kubelet-start] Starting the kubelet
[kubelet-start] Waiting for the kubelet to perform the TLS Bootstrap...

This node has joined the cluster:
* Certificate signing request was sent to apiserver and a response was received.
* The Kubelet was informed of the new secure connection details.

Run 'kubectl get nodes' on the control-plane to see this node join the cluster.


# On the master node, taint the new node
# The listing confirms lecode-pre74 has registered and is Ready.
[root@lecode-pre55 ~]# kubectl get no
NAME            STATUS   ROLES                  AGE     VERSION
lecode-pre210   Ready    <none>                 50d     v1.20.9
lecode-pre217   Ready    <none>                 48d     v1.20.9
lecode-pre55    Ready    control-plane,master   50d     v1.20.9
lecode-pre7     Ready    <none>                 50d     v1.20.9
lecode-pre71    Ready    <none>                 50d     v1.20.9
lecode-pre74    Ready    <none>                 4m40s   v1.20.9
lecode-pre79    Ready    <none>                 48d     v1.20.9

# Taint the new node
# Format is key=value:effect. With NoSchedule the scheduler stops placing new pods
# on the node unless they tolerate service=dap; pods already running stay put.
# A taint only keeps other workloads away. It does not pull the dap pods onto this
# node; that needs a node label plus nodeSelector/nodeAffinity on the workload.
[root@lecode-pre55 ~]# kubectl taint node lecode-pre74 service=dap:NoSchedule
node/lecode-pre74 tainted


# Edit the service's YAML manifest: add the taint toleration and the node placement
spec:
...
    spec:
      # NOTE(review): nodeName binds the pod directly to lecode-pre74 and bypasses
      # the scheduler, so the NoSchedule taint is never evaluated for these pods and
      # the toleration below is not what places them. To actually exercise the
      # taint/toleration pair, label the node and select it with nodeSelector or
      # nodeAffinity instead of nodeName.
      nodeName: lecode-pre74
      tolerations:
      # Matches the taint service=dap:NoSchedule. No operator is given, so the
      # default (Equal) applies and both key and value must match.
      - key: service
        value: dap
        effect: NoSchedule

# Check the result
# All three dap replicas run on lecode-pre74. With nodeName set in the manifest
# this placement is forced, so the output alone does not show that the toleration
# works; `kubectl describe node lecode-pre74` shows the taint and the pods on it.
[root@lecode-pre55 ~]# kubectl get po -n lecode-pre -o wide |grep dap
lecode-dap-8457d4c4fc-cj2b8                 1/1     Running   0          3m7s    10.244.6.2     lecode-pre74    <none>           <none>
lecode-dap-8457d4c4fc-m5qmq                 1/1     Running   0          98s     10.244.6.4     lecode-pre74    <none>           <none>
lecode-dap-8457d4c4fc-nrjvx                 1/1     Running   0          2m17s   10.244.6.3     lecode-pre74    <none>           <none>

49. mysql代理

# Layer-4 (TCP) forwarding of MySQL through nginx. The file has no stream {}
# wrapper of its own, so presumably nginx.conf includes this directory from inside
# a stream {} block - confirm.
# NOTE(review): nginx forwards the raw TCP stream, so MySQL's own authentication
# and TLS settings are the only protection applied to the traffic.
[root@zhyly-pre-003 4-layer-conf.d]# cat mysql.conf
upstream mysql {
    server 192.168.2.6:3306;
}

server {
     # NOTE(review): `listen 8083` accepts connections on every address of the
     # host, and the block has no allow/deny rules, so any client that can reach
     # port 8083 reaches the MySQL login on 192.168.2.6. Bind to the internal
     # address that needs it (listen <internal-ip>:8083;) and/or restrict clients
     # with allow <client-cidr>; deny all; and back that with a host firewall.
     listen  8083;
     proxy_pass mysql;
}

# Running `nginx -t` before the reload validates the configuration first.
[root@zhyly-pre-003 4-layer-conf.d]# /usr/local/nginx/sbin/nginx  -s reload


# Complete stream {} example: TCP proxy from port 8085 to a single database
# backend (upstream "rds").
stream {
	upstream rds {
		# max_fails/fail_timeout configure passive health checking. nginx documents
		# that these parameters are ignored when the group has only one server, as
		# here, so the backend is never marked unavailable - TODO confirm for the
		# nginx version in use.
		server 10.27.166.107:33086 max_fails=3 fail_timeout=30s; 
	}
	server {
		# NOTE(review): listens on all addresses with no allow/deny rules, so every
		# client that can reach port 8085 is forwarded to the database port. Bind to
		# a specific internal address and/or add allow <client-cidr>; deny all;.
		listen 8085;
		proxy_connect_timeout 2s;  # timeout for establishing the connection to the backend, i.e. how long to wait for the handshake (default 60s)
		proxy_timeout 900s;  # timeout while waiting for data from the backend; nginx applies it between successive reads/writes on the connection
		proxy_pass rds;
	}
}