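k8s plus Docker is now more or less required knowledge for operations work. Docker lets us migrate an environment in one step, and k8s orchestrates containers automatically and keeps services highly available, so the two together are a formidable combination. Should we use k8s, then? That depends on your own situation. Any technology should be adopted according to the actual need: if you only have to kill a chicken but insist on an ox cleaver, the cleaver is certainly sharp, but it will give you more trouble than it is worth.
This article focuses on how to reach services inside a k8s cluster from outside the cluster. The main ways are: hostPort or hostNetwork, NodePort, and Ingress.
hostPort and hostNetwork come first because they are easy to overlook; they too allow applications inside the cluster to be reached from outside. Usage: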

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      nodeSelector:       # node selector
        role: master      # node label
      hostNetwork: true   # use the node's network
      containers:
        - image: nginx
          imagePullPolicy: IfNotPresent
          name: nginx
          ports:
            - containerPort: 8080

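The key line is hostNetwork: true, at the same level as containers; it means the pod uses the host's network. Combined with nodeSelector, it pins the pod to a fixed node. As above, I added the label role: master to the master node, so through nodeSelector nginx is scheduled on the master node, and this nginx can then be reached through the master node's IP and port 8080.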

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      nodeSelector:       # node selector
        role: master      # node label
      containers:
        - image: nginx
          imagePullPolicy: IfNotPresent
          name: nginx
          ports:
            - containerPort: 8080
              hostPort: 80   # the key line

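Compared with hostNetwork, hostPort adds port mapping: a container port can be mapped to a different port on the node. It also needs nodeSelector to pin the node; otherwise the pod may land on a different node each time it is created, and the IP will change with it.
Access: IP of the node chosen by nodeSelector:hostPort. In the example above: IP of the node labelled role=master:80
NodePort is one of the most common ways to provide access from outside the cluster; it uses a Service to do so.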

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - image: nginx
          imagePullPolicy: IfNotPresent
          name: nginx
          ports:
            - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-pod-service
  labels:
    app: nginx            # the Service's own label
spec:
  type: NodePort          # type: ExternalName, ClusterIP, NodePort, or LoadBalancer
  ports:
    - port: 8080          # port the Service serves on inside the k8s cluster
      targetPort: 8080    # port opened by the associated pod
      nodePort: 30088     # port for access from outside the cluster; range 30000-32767
  selector:
    app: nginx            # pod label

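Access: the IP of any node in the cluster plus the configured nodePort. In the example above, any node IP:30088 reaches nginx.
Ingress is practically a production essential. It can be understood simply as deploying an nginx service that is exposed outside the cluster through hostNetwork or hostPort and that then, according to the configured routing rules, routes to the individual Services inside the cluster.
Ingress has various implementations; the one installed here is ingress-nginx. Its YAML file, ingress.yaml, is as follows: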

apiVersion: v1
kind: Namespace
metadata:
  name: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: nginx-configuration
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: tcp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
kind: ConfigMap
apiVersion: v1
metadata:
  name: udp-services
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: nginx-ingress-serviceaccount
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRole
metadata:
  name: nginx-ingress-clusterrole
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - endpoints
      - nodes
      - pods
      - secrets
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - services
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - events
    verbs:
      - create
      - patch
  - apiGroups:
      - "extensions"
      - "networking.k8s.io"
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - "extensions"
      - "networking.k8s.io"
    resources:
      - ingresses/status
    verbs:
      - update
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
  name: nginx-ingress-role
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
      - pods
      - secrets
      - namespaces
    verbs:
      - get
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      # Defaults to "<election-id>-<ingress-class>"
      # Here: "<ingress-controller-leader>-<nginx>"
      # This has to be adapted if you change either parameter
      # when launching the nginx-ingress-controller.
      - "ingress-controller-leader-nginx"
    verbs:
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - create
  - apiGroups:
      - ""
    resources:
      - endpoints
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
  name: nginx-ingress-role-nisa-binding
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: nginx-ingress-role
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: nginx-ingress-clusterrole-nisa-binding
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: nginx-ingress-clusterrole
subjects:
  - kind: ServiceAccount
    name: nginx-ingress-serviceaccount
    namespace: ingress-nginx
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-ingress-controller
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: ingress-nginx
      app.kubernetes.io/part-of: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
      annotations:
        prometheus.io/port: "10254"
        prometheus.io/scrape: "true"
    spec:
      # wait up to five minutes for the drain of connections
      terminationGracePeriodSeconds: 300
      serviceAccountName: nginx-ingress-serviceaccount
      nodeSelector:   # remember to change this to your own nodeSelector
        role: master
      hostNetwork: true
      containers:
        - name: nginx-ingress-controller
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.30.0
          args:
            - /nginx-ingress-controller
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --tcp-services-configmap=$(POD_NAMESPACE)/tcp-services
            - --udp-services-configmap=$(POD_NAMESPACE)/udp-services
            - --publish-service=$(POD_NAMESPACE)/ingress-nginx
            - --annotations-prefix=nginx.ingress.kubernetes.io
          securityContext:
            allowPrivilegeEscalation: true
            capabilities:
              drop:
                - ALL
              add:
                - NET_BIND_SERVICE
            # www-data -> 101
            runAsUser: 101
          env:
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
              protocol: TCP
            - name: https
              containerPort: 443
              protocol: TCP
          livenessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /healthz
              port: 10254
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 10
          lifecycle:
            preStop:
              exec:
                command:
                  - /wait-shutdown
---
apiVersion: v1
kind: LimitRange
metadata:
  name: ingress-nginx
  namespace: ingress-nginx
  labels:
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
spec:
  limits:
    - min:
        memory: 90Mi
        cpu: 100m
      type: Container

kubectl apply -f ingress.yaml
This YAML creates the ingress-nginx namespace. Once the corresponding pod reaches the Running state, the ingress service is installed.

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx-deployment
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - image: nginx
          imagePullPolicy: IfNotPresent
          name: nginx
          ports:
            - containerPort: 8080
---
apiVersion: v1
kind: Service
metadata:
  name: nginx-pod-service
  labels:
    app: nginx            # the Service's own label
spec:
  type: NodePort          # type: ExternalName, ClusterIP, NodePort, or LoadBalancer
  ports:
    - port: 8080          # port the Service serves on inside the k8s cluster
      targetPort: 8080    # port opened by the associated pod
  selector:
    app: nginx            # pod label
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: nginx-ingress
  labels:
    app.kubernetes.io/version: v1
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
    - host: nginx.test.com
      http:
        paths:
          - path: /
            backend:
              serviceName: nginx-pod-service   # the name of the nginx Service above
              servicePort: 8080                # the port configured on the Service

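On the machine outside the cluster, add a hosts entry:
<IP of the node where the ingress service is deployed> nginx.test.com
Access is by domain name, and only by domain name.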
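hostPort and hostNetwork use the node's network directly. The node must be fixed at deployment time, the access IP is fixed as well (a hosts entry can also be used), and the port is an ordinary port.
NodePort does not require a fixed node at deployment time and can be reached through the IP of any node in the cluster, but the port is 30000 or above, which is often unreachable because of company security policy.
Ingress requires installing an additional ingress module and configuring routing rules, and it can only be reached through the configured domain name. Once the domain is configured it can serve external traffic directly, playing a role similar to a traditional nginx.
Use whichever fits your own situation.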
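
To inventory which workloads open ports directly on node IPs through the three mechanisms compared above (hostNetwork, hostPort, NodePort), the following added example, which is not from the original article, reads a resource list in the JSON shape returned by kubectl get deploy,svc -A -o json. The resource names nginx-hostnet, nginx-hostport and internal-only, the container name controller, and the function node_exposures are assumptions made for the constructed sample.

```python
import json

# Constructed sample: the shape of `kubectl get deploy,svc -A -o json` output,
# cut down to the fields read below and modelled on this article's manifests.
SAMPLE = json.loads("""{"items": [
 {"kind": "Deployment", "metadata": {"namespace": "default", "name": "nginx-hostnet"},
  "spec": {"template": {"spec": {"hostNetwork": true, "containers": [
   {"name": "nginx", "ports": [{"containerPort": 8080}]}]}}}},
 {"kind": "Deployment", "metadata": {"namespace": "default", "name": "nginx-hostport"},
  "spec": {"template": {"spec": {"containers": [
   {"name": "nginx", "ports": [{"containerPort": 8080, "hostPort": 80}]}]}}}},
 {"kind": "Service", "metadata": {"namespace": "default", "name": "nginx-pod-service"},
  "spec": {"type": "NodePort", "ports": [
   {"port": 8080, "targetPort": 8080, "nodePort": 30088}]}},
 {"kind": "Service", "metadata": {"namespace": "default", "name": "internal-only"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 8080, "targetPort": 8080}]}},
 {"kind": "Deployment",
  "metadata": {"namespace": "ingress-nginx", "name": "nginx-ingress-controller"},
  "spec": {"template": {"spec": {"hostNetwork": true, "containers": [
   {"name": "controller", "ports": [{"containerPort": 80}, {"containerPort": 443}]}]}}}}
]}""")


def node_exposures(resource_list):
    """List (namespace, name, mechanism, port) for each port opened on a node IP."""
    found = []
    for item in resource_list.get("items", []):
        meta, spec = item.get("metadata", {}), item.get("spec", {})
        ident = (meta.get("namespace", "default"), meta.get("name", ""))
        if item.get("kind") == "Service":
            # A Service with a nodePort opens that port on every node.
            found += [ident + ("NodePort", p["nodePort"])
                      for p in spec.get("ports", []) if p.get("nodePort")]
            continue
        # Deployment/DaemonSet/StatefulSet nest the pod spec; a bare Pod does not.
        pod = spec.get("template", {}).get("spec", spec)
        ports = [p for c in pod.get("containers", []) for p in c.get("ports", [])]
        if pod.get("hostNetwork"):
            # Declared ports are only a hint: the process can bind any node port.
            nums = [p["containerPort"] for p in ports] or [None]
            found += [ident + ("hostNetwork", n) for n in nums]
        else:
            found += [ident + ("hostPort", p["hostPort"])
                      for p in ports if p.get("hostPort")]
    return found


if __name__ == "__main__":
    print(*node_exposures(SAMPLE), sep="\n")
```

A hostNetwork row with port None means the pod declares no ports at all, so the manifest alone does not say what it listens on.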