k8s 高可用 etcd集群
摘要:k8s集群清除 kubeadm resef -f root@ubuntu:~/cluster# ps -elf | grep kube 4 S root 8099 8071 4 80 0 - 161890 futex_ Jun18 ? 12:33:47 kube-apiserver --advert
阅读全文
posted @ 2021-06-30 16:40
06 2021 档案
etcd集群
摘要:配置各个节点/etc/hosts [root@host-10-10-18-42 etcd]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localho
阅读全文
posted @ 2021-06-29 11:40
Kubernetes 中 Pod 的选举过程
摘要:为什么需要 Pod 之间的 Leader Election 一般来说,由 Deployment 创建的 1 个或多个 Pod 都是对等关系,彼此之间提供一样的服务。但是在某些场合,多个 Pod 之间需要有一个 Leader 的角色,即: Pod 之间有且只有一个 Leader; Leader 在一定
阅读全文
posted @ 2021-06-28 17:41
Keepalived配置实现Haproxy高可用
摘要:demo1 root@cloud:/etc/haproxy# cat haproxy.cfg # # Example configuration for a possible web application. See the # full configuration options online.
阅读全文
posted @ 2021-06-25 17:57
kube-proxy iptables
摘要:Q: 连接跟踪的作用是什么? A: 连接跟踪本身没什么特殊功能,它最重要的两个用途是NAT与状态防火墙。 Q: 连接跟踪发生在什么位置?它的基本流程是怎样的? A: 连接跟踪模块在NF_INET_PRE_ROUTING与NF_INET_LOCAL_OUT处注册了钩子函数,是连接跟踪的入口(nf_co
阅读全文
posted @ 2021-06-25 15:13
kube-proxy ipvs
摘要:IPVS用法# IPVS可以通过ipvsadm 命令进行配置,如-L列举,-A添加,-D删除。 如下命令创建一个service实例172.17.0.1:32016,-t指定监听的为TCP端口,-s指定算法为轮询算法rr(Round Robin),ipvs支持简单轮询(rr)、加权轮询(wrr)、最少
阅读全文
posted @ 2021-06-25 11:42
calico 分区
摘要:1、节点 root@ubuntu:~# kubectl get nodes --show-labels NAME STATUS ROLES AGE VERSION LABELS bogon Ready worker 5d21h v1.18.1 beta.kubernetes.io/arch=arm6
阅读全文
posted @ 2021-06-24 17:19
bgp ebgp-requires-policy
摘要:bgp ebgp-requires-policy This command requires incoming and outgoing filters to be applied for eBGP sessions as part of RFC-8212 compliance. Without t
阅读全文
posted @ 2021-06-24 16:32
Idle BGP Error: Hold timer expired
摘要:root@cloud:~# ./calicoctl node status Calico process is running. IPv4 BGP status + + + + + + | PEER ADDRESS | PEER TYPE | STATE | SINCE | INFO | + + +
阅读全文
posted @ 2021-06-24 15:35
centos8 frr bgp for calico
摘要:[root@host-10-10-18-31 ~]# dnf install -y frr Last metadata expiration check: 0:01:19 ago on Thu 24 Jun 2021 10:54:30 AM CST. Dependencies resolved. P
阅读全文
posted @ 2021-06-24 11:11
etcdctl
摘要:root@ubuntu:~/etcd-v3.5.0-linux-arm64# ETCDCTL_API=3 ./etcdctl --cacert /etc/kubernetes/pki/etcd/ca.crt --cert /etc/kubernetes/pki/etcd/peer.crt --key
阅读全文
posted @ 2021-06-24 10:21
Calico 3.5:根据节点标签分配 IP
摘要:需求: node1 node2 的 pod 都分配一个网段, node3 node4 的 pod 都分配一个网段 | router | | | | rack-0 | | rack-1 | | kube-node-1 | | kube-node-3 | - - - - - - - - - - - -
阅读全文
posted @ 2021-06-23 20:39
calico bird.ct
摘要:root@cloud:~# ls /var/run/calico/bird.ctl /var/run/calico/bird.ctl root@cloud:~# nc -U /var/run/calico/bird.ctl 0001 BIRD v0.3.3+birdv1.6.8 ready. 900
阅读全文
posted @ 2021-06-23 16:09
calico rr 2
摘要:root@ubuntu:~# kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME bogon Ready w
阅读全文
posted @ 2021-06-23 15:36
Calico node failed to start
摘要:root@ubuntu:~# kubectl logs -f calico-node-2l47s -n kube-system 2021-06-23 07:04:14.117 [INFO][10] startup/startup.go 390: Early log level set to info
阅读全文
posted @ 2021-06-23 15:15
could not find a JWS signature in the cluster-info ConfigMap for token ID "qpqoq3"
摘要:[root@localhost ~]# kubeadm join 10.10.16.82:6443 --token qpqoq3.y2lo787xtima2xaz --discovery-token-ca-cert-hash sha256:374990d65ea0b1dd227fe68aa994fa
阅读全文
posted @ 2021-06-23 15:05
干货收藏!Calico 路由反射模式权威指南
摘要:1. 概述 作为 Kubernetes 最长使用的一种网络插件,Calico 具有很强的扩展性,较优的资源利用和较少的依赖,相较于 Flannel 插件采用 Overlay 的网络,Calico 可以通过三层路由的方式采用性能更佳的 Underlay 网络,Calico 网络插件的转发效率是所有方案
阅读全文
posted @ 2021-06-22 17:44
calico bgp rr
摘要:bgp peer 查看状态 calicoctl node status 配置全局 bgp peer(rr) cat << EOF | calicoctl create -f - apiVersion: projectcalico.org/v3 kind: BGPPeer metadata: name
阅读全文
posted @ 2021-06-22 16:56
calico bgp
摘要:Calico Overlay网络 在Calico Overlay网络中有两种模式可选(仅支持IPV4地址) IP-in-IP (使用BGP实现) Vxlan (不使用BGP实现) 两种模式均支持如下参数 Always: 永远进行 IPIP 封装(默认) CrossSubnet: 只在跨网段时才进行
阅读全文
posted @ 2021-06-22 10:20
tcpdump ipip
摘要:root@cloud:~# tcpdump -i enahisic2i0 "ip proto 4" and host 10.10.16.82 -ennvv tcpdump: listening on enahisic2i0, link-type EN10MB (Ethernet), capture
阅读全文
posted @ 2021-06-21 16:11
nodes are available: 1 node(s) had taint {node-role.kubernetes.io/master: }, that the pod didn't tolerate, 2 node(s) didn't match pod affinity/anti-affinity
摘要:root@ubuntu:~# cat web-anti-affinity.yaml apiVersion: apps/v1 kind: Deployment metadata: name: web-nginx spec: selector: matchLabels: app: web-nginx r
阅读全文
posted @ 2021-06-21 15:45
coredns-66bff467f8-krldv CrashLoopBackOff
摘要:root@ubuntu:~# kubectl get pod --all-namespaces -o wide NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES kube-system ca
阅读全文
posted @ 2021-06-21 14:43
6443: connect: network is unreachable
摘要:K8s API Server的鉴权问题由来已久。默认情况下K8s API Server会开启两个端口:8080(Localhost Port)和 6443(Secure Port),其中8080端口为WEB UI Dashboard,无需认证,用于本地测试与监控;6443端口需要认证且有TLS保护,
阅读全文
posted @ 2021-06-18 18:55
卸载flannel
摘要:root@ubuntu:~# kubectl delete -f kube-flannel.yml podsecuritypolicy.policy "psp.flannel.unprivileged" deleted clusterrole.rbac.authorization.k8s.io "f
阅读全文
posted @ 2021-06-18 17:03
k8s网络之Calico网络
摘要:docker pull calico/node:v3.1.4 docker pull calico/cni:v3.1.4 docker pull calico/typha:v3.1.4 docker tag calico/node:v3.1.4 quay.io/calico/node:v3.1.4
阅读全文
posted @ 2021-06-18 16:52
KUBE-MARK-MASQ 和snat
摘要:iptables iptables的方式则是利用了linux的iptables的nat转发进行实现。在本例中,创建了名为mysql-service的service。 apiVersion: v1 kind: Service metadata: labels: name: mysql role: se
阅读全文
posted @ 2021-06-18 16:26
DNS
摘要:Kubernetes 提供了一个 DNS 插件 Service,它使用 skydns 自动为其它 Service 指派 DNS 名字。 如果它在集群中处于运行状态,可以通过如下命令来检查: root@ubuntu:~# kubectl get services kube-dns --namespac
阅读全文
posted @ 2021-06-18 14:20
flannel vxlan
摘要:dialing dial unix /var/run/antrea/cni.sock: connect: connection refused Failed to create pod sandbox: rpc error: code = Unknown desc = [failed to set
阅读全文
posted @ 2021-06-18 10:30
pod间访问
摘要:root@ubuntu:~# nsenter -n --target 27134 root@ubuntu:~# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 10
阅读全文
posted @ 2021-06-18 09:32
k8s 部署worker节点
摘要:master ubuntu 10.10.1682 woker cloud 10.10.16.47 root@cloud:~# apt-get install -y kubeadm-1.18.1 kubectl-1.18.1 Reading package lists... Done Building
阅读全文
posted @ 2021-06-17 17:53
rte_pktmbuf_append rte_pktmbuf_chain rte_pktmbuf_clone
摘要:DPDK: rte_mbuf https://www.yuque.com/zzqcn/opensource/oirzxh Mbuf https://promisechen.github.io/dpdk/zp/mbuf.html https://promisechen.github.io/dpdk/z
阅读全文
posted @ 2021-06-17 11:38
externaltrafficpolicy
摘要:client root@cloud:~# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00
阅读全文
posted @ 2021-06-17 09:29
kubernetes 实用技巧: 进入容器 netns
摘要:root@ubuntu:~# kubectl get pod NAME READY STATUS RESTARTS AGE debian-6c44fc6956-ltsrt 0/1 CrashLoopBackOff 4615 16d mc1 2/2 Running 0 16d my-deploymen
阅读全文
posted @ 2021-06-16 19:52
externalTrafficPolicy:local
摘要:环境描述 生产环境通过gitlab-running实现自动化发布业务,现需要收集客户端的真实ip,需要将externaltrafficpolicy改为lacal模式(原来是cluster模式),前天开发反映无法发布业务(镜像拉取不成功)。想到就改动过externaltrafficpolicy所以考虑
阅读全文
posted @ 2021-06-16 19:37
Kubernetes Services
摘要:介绍 Kubernetes Services 是将运行在一组 Pod 上的应用程序公开为网络服务的抽象方法。这一组 Pod 能够被 Service 访问到,通常是通过 Labels 和 Selectors 实现的。 当客户端连接到 Kubernetes Service 时,连接会被负载均衡到支持服务
阅读全文
posted @ 2021-06-16 19:33
mbuf double free
摘要:#define RTE_ETHER_MAX_LEN 1518 /**< Maximum frame len, including CRC. */ #define RTE_PKTMBUF_HEADROOM 128 #define PRIV_SIZE 16 #define MBUF_DATAROOM_S
阅读全文
posted @ 2021-06-16 17:11
rte_pktmbuf_append
摘要:[root@localhost mbuf]# cat main.c #include <stdio.h> #include <string.h> #include <stdint.h> #include <errno.h> #include <sys/queue.h> #include <rte_l
阅读全文
posted @ 2021-06-16 16:30
kni(三)
摘要:[root@localhost dpdk-19.11]# ./usertools/dpdk-devbind.py -s Network devices using DPDK-compatible driver 0000:05:00.0 'Hi1822 Family (2*25GE) 0200' dr
阅读全文
posted @ 2021-06-11 16:33
examples-bond
摘要:网卡信息 [root@localhost bond]# ./build/app/bond_app EAL: Detected 128 lcore(s) EAL: Detected 4 NUMA nodes EAL: Multi-process socket /var/run/dpdk/rte/mp_
阅读全文
posted @ 2021-06-10 15:15
dpdk bond
摘要:bond_ethdev_mode_set(struct rte_eth_dev *eth_dev, int mode) { struct bond_dev_private *internals; internals = eth_dev->data->dev_private; switch (mode
阅读全文
posted @ 2021-06-10 11:56
ContainerCreating
摘要:[root@cloud ~]# kubectl get pods NAME READY STATUS RESTARTS AGE nginx-deployment-c85df76f4-gj65j 1/1 Running 0 7d23h temperature-simulate-mapper-588ff
阅读全文
posted @ 2021-06-09 09:22
kubeedge 迁移
摘要:kubectl cordon pcl001-desktop [root@cloud temperature_yaml]# kubectl get nodes NAME STATUS ROLES AGE VERSION cloud Ready master 28d v1.18.6 edge-vm Re
阅读全文
posted @ 2021-06-08 18:10
pod 删除
摘要:[root@cloud temperature_yaml]# kubectl get pod -o wide | grep temperature | wc -l 278 [root@cloud temperature_yaml]# kubectl get pod -o wide | grep te
阅读全文
posted @ 2021-06-08 17:49
nslookuptool
摘要:https://www.nslookuptool.com/#A&baidu.com [root@bogon ~]# nslookup doh.pub Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: Name: doh.pub
阅读全文
posted @ 2021-06-08 15:57
calico
摘要:先设置变量: NS=cali VETH=v-cali 创建 netns 和 veth, veth 一端塞进去, 射 ip: ip netns add $NS ip l add $VETH type veth peer name $VETH-peer ip l set $VETH-peer up ip
阅读全文
posted @ 2021-06-08 12:03
k8s crds
摘要:[root@cloud crds]# cat model.yaml apiVersion: devices.kubeedge.io/v1alpha2 kind: DeviceModel metadata: name: temperature-model-simulate namespace: def
阅读全文
posted @ 2021-06-02 11:52
Understanding CNI (Container Networking Interface)
摘要:Understanding CNI (Container Networking Interface) https://github.com/containernetworking/cni 执行 kubectl apply -f https://raw.githubusercontent.com/co
阅读全文
posted @ 2021-06-01 20:16
