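I would like to know: what does resources: {} in pod.spec.containers.resources mean in Kubernetes?
I have a containerized unimrcp server that runs as a Kubernetes pod. When I go into the container and run ps -ef, its output looks like this: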
[root@unimrcp-0 fd]# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 1 0 99 13:13 ? 01:07:38 ./unimrcpserver
root 75 1 0 13:13 ? 00:00:00 [arping] <defunct>
root 76 1 0 13:13 ? 00:00:00 [arping] <defunct>
root 154 0 0 13:14 pts/0 00:00:00 /bin/bash
root 209 154 0 14:21 pts/0 00:00:00 ps -ef
Also, if I run cat /proc/[pid]/fd/1, I see some corrupted output like the following:
未知指令:▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒ ▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
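Why does the process have no controlling terminal attached? I have disabled Unimrcp logging to standard output. CPU utilization is also at 99%. Can someone help solve this problem?
This is the container's entrypoint: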
#!/bin/sh
source /ip-conf.sh; set_control_media_network "UNIMRCP"
CONTROL_IP=$(get_control_ipv4)
MEDIA_IP=$(get_media_ipv4)
LOG_LEVEL=$(echo $LOG_LEVEL | tr -s " " | xargs)
LOG_OUTPUT=$(echo $LOG_OUTPUT | tr -s " " | xargs)
LOG_HEADERS=$(echo $LOG_HEADERS | tr -s " " | xargs)
sed -i 's+<priority>.*</priority>+''<priority>'$LOG_LEVEL'</priority>+g' /usr/local/unimrcp/conf/logger.xml
sed -i 's+<output>.*</output>+''<output>'$LOG_OUTPUT'</output>+g' /usr/local/unimrcp/conf/logger.xml
sed -i 's+<headers>.*</headers>+''<headers>'$LOG_HEADERS'</headers>+g' /usr/local/unimrcp/conf/logger.xml
sed -i 's+<!-- <ip>.*</ip> -->+''<ip>'$CONTROL_IP'</ip>+g' /usr/local/unimrcp/conf/unimrcpserver.xml
sed -i 's+<!-- <rtp-ip>.*</rtp-ip> -->+''<rtp-ip>'$MEDIA_IP'</rtp-ip>+g' /usr/local/unimrcp/conf/unimrcpserver.xml
cd /usr/local/unimrcp/bin/
exec ./unimrcpserver
This is the output of ls -l in /proc/1/fd/ inside the unimrcp container:
total 0
lrwx------ 1 root root 64 Jan 2 12:04 0 -> /dev/null
l-wx------ 1 root root 64 Jan 2 12:04 1 -> pipe:[17601930]
l-wx------ 1 root root 64 Jan 2 12:04 10 -> pipe:[17605635]
lrwx------ 1 root root 64 Jan 2 12:04 11 -> socket:[17605636]
lrwx------ 1 root root 64 Jan 2 12:04 12 -> anon_inode:[eventpoll]
lrwx------ 1 root root 64 Jan 2 12:04 13 -> anon_inode:[eventfd]
lrwx------ 1 root root 64 Jan 2 12:04 14 -> anon_inode:[eventpoll]
lrwx------ 1 root root 64 Jan 2 12:04 15 -> anon_inode:[eventfd]
lrwx------ 1 root root 64 Jan 2 12:04 16 -> anon_inode:[eventpoll]
lrwx------ 1 root root 64 Jan 2 12:04 17 -> socket:[17602110]
lrwx------ 1 root root 64 Jan 2 12:04 18 -> socket:[17602111]
lrwx------ 1 root root 64 Jan 2 12:04 19 -> anon_inode:[eventpoll]
l-wx------ 1 root root 64 Jan 2 12:04 2 -> pipe:[17601931]
lrwx------ 1 root root 64 Jan 2 12:04 20 -> socket:[17603083]
lrwx------ 1 root root 64 Jan 2 12:04 21 -> socket:[17603084]
lr-x------ 1 root root 64 Jan 2 12:04 22 -> /dev/urandom
lrwx------ 1 root root 64 Jan 2 12:04 23 -> socket:[17603087]
lrwx------ 1 root root 64 Jan 2 12:04 24 -> socket:[17603088]
l-wx------ 1 root root 64 Jan 2 12:04 3 -> /usr/local/unimrcp/log/unimrcpserver_2020.01.02_12.04.08.988860.log
lrwx------ 1 root root 64 Jan 2 12:04 4 -> anon_inode:[eventpoll]
lr-x------ 1 root root 64 Jan 2 12:04 5 -> pipe:[17605633]
l-wx------ 1 root root 64 Jan 2 12:04 6 -> pipe:[17605633]
lrwx------ 1 root root 64 Jan 2 12:04 7 -> socket:[17605634]
lrwx------ 1 root root 64 Jan 2 12:04 8 -> anon_inode:[eventpoll]
lr-x------ 1 root root 64 Jan 2 12:04 9 -> pipe:[17605635]
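The entrypoint above splices the unquoted LOG_LEVEL, LOG_OUTPUT and LOG_HEADERS variables into its sed expressions, so a value containing +, & or whitespace alters the expression rather than the configuration value. The following is an added example, not part of the original post or of UniMRCP: a hypothetical helper, set_xml_value, that checks the value against an allowlist (the character set is an assumption) before rewriting a plain <tag>...</tag> element.

```shell
#!/bin/sh
# Added example. set_xml_value is a hypothetical helper, not UniMRCP code.
#
# set_xml_value FILE TAG VALUE
#   Replaces the text of each <TAG>...</TAG> element in FILE with VALUE.
#   Returns 2 if VALUE fails validation, 1 on an I/O error, 0 on success.
#   TAG must be a constant chosen by the script author, never external input.
set_xml_value() {
    file=$1
    tag=$2
    value=$3

    # Allowlist (assumed): letters, digits, dot, underscore, comma, hyphen.
    # This rejects the sed delimiter (+), the sed match reference (&),
    # backslashes, whitespace, newlines and XML metacharacters.
    case $value in
        ''|*[!A-Za-z0-9._,-]*)
            echo "refusing to write <$tag>: invalid value" >&2
            return 2
            ;;
    esac

    # Write the result to a temporary file first and copy it back only if
    # sed succeeded; copying keeps the original file's owner and mode.
    tmp=$(mktemp) || return 1
    if sed "s+<${tag}>[^<]*</${tag}>+<${tag}>${value}</${tag}>+g" "$file" > "$tmp" \
        && cat "$tmp" > "$file"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Usage in an entrypoint (paths as in the post above), stopping on bad input:
#   set_xml_value /usr/local/unimrcp/conf/logger.xml priority "$LOG_LEVEL" || exit 1
#   set_xml_value /usr/local/unimrcp/conf/logger.xml output   "$LOG_OUTPUT" || exit 1
```

The helper covers only the plain element case; the commented-out <ip> and <rtp-ip> lines of the entrypoint would need their own pattern, with the same validation applied to the address.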
I have the following yaml file:
---
apiVersion: v1
kind: pod
metadata:
name: Tesing_for_Image_pull -----------> 1
spec:
containers:
- name: mysql ------------------------> 2
image: mysql ----------> 3
imagePullPolicy: Always ------------->4
command: ["echo", "SUCCESS"] -------------------> 5
After running kubectl create -f my_yaml.yaml, I get the following error:
error: error converting YAML to JSON: yaml: line 10: did not find expected key
Update: with yamllint I get the following errors:
root@debian:~# yamllint my_yaml.yaml
my_yaml.yaml
8:9 error wrong indentation: expected 12 but found 8 (indentation)
11:41 error syntax error: expected <block end>, but found '<scalar>'
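Where is my problem, and how can I fix it?
After deploying all Kubernetes resources, I wanted to open port 443. I added it to my whitelist table, but it is still closed. The same thing happened with my port 80. After flushing all tables, deleting all Kubernetes resources and setting up the firewall from scratch (including whitelisting port 80), and then deploying Kubernetes again, port 80 was finally open.
Now I would rather understand why I cannot open port 443 than do all of that again. I found that there is a table KUBE-FIREWALL (see below) that blocks everything by default.
This is my main question:
Does the KUBE-FIREWALL rule have a higher priority than my table TCP? If so, how can I change the priority?
INPUT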
Chain INPUT (policy DROP)
target prot opt source destination
cali-INPUT all -- anywhere anywhere /* cali:Cz_u1IQiXIMmKD4c */
f2b-sshd tcp -- anywhere anywhere multiport dports ssh
KUBE-EXTERNAL-SERVICES all -- anywhere anywhere ctstate NEW /* kubernetes externally-visible service portals */
KUBE-FIREWALL all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT icmp -- anywhere anywhere icmp echo-request ctstate NEW
UDP udp -- anywhere anywhere ctstate NEW
TCP tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/SYN ctstate NEW
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT all -- anywhere anywhere reject-with icmp-proto-unreachable
cali-INPUT
Chain cali-INPUT (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere /* cali:msRIDfJRWnYwzW4g */ mark match 0x10000/0x10000
cali-wl-to-host all -- anywhere anywhere [goto] /* cali:y4fKWmWkTnYGshVX */
MARK all -- anywhere anywhere /* cali:JnMb-hdLugWL4jEZ */ MARK and 0xfff0ffff
cali-from-host-endpoint all -- anywhere anywhere /* cali:NPKZwKxJ-5imzORj */
ACCEPT all -- anywhere anywhere /* cali:aes7S4xZI-7Jyw63 */ /* Host endpoint policy accepted packet. */ mark match 0x10000/0x10000
KUBE-FIREWALL
claus@vmd33301:~$ sudo iptables -L KUBE-FIREWALL
Chain KUBE-FIREWALL (2 references)
target prot opt source destination
DROP all -- anywhere anywhere /* kubernetes firewall for dropping marked packets */ mark match 0x8000/0x8000
TCP
Chain TCP (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
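I want to bind a service to ports 80 and 443 on all nodes, so that via the DNS name (kubernetes) I am directed over HTTP/S to any node, which redirects me directly to the service and then on to the deployment (nginx). However, I don't know how this works, since NodePorts only range from 30000 to 32xxx.
Here is my setup: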
DNS-Name IPv4
k8s-master 172.25.35.47
k8s-node-01 172.25.36.47
k8s-node-02 172.25.36.8
kubernetes 172.25.36.47
kubernetes 172.25.36.8
My yaml file:
apiVersion: v1
kind: Service
metadata:
  name: proxy
spec:
  ports:
  - name: http
    nodePort: 80
    port: 80
    protocol: TCP
    targetPort: 80
  - name: https
    nodePort: 443
    port: 443
    protocol: TCP
    targetPort: 443
  selector:
    name: proxy
  type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: proxy
  labels:
    name: proxy
spec:
  selector:
    matchLabels:
      name: proxy
  replicas: 1
  template:
    metadata:
      labels:
        name: proxy
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - name: http
          containerPort: 80
          protocol: TCP
        - name: https
          containerPort: 443
          protocol: TCP
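Which type of service gives me the ability to expose these ports, or how can I achieve the setup I have in mind?
Volker
I have set up a private registry in Docker that is reachable via the domain "makdom.ddns.net". I can log in locally and push and pull images, and I can do this even from the kubes nodes,
but when I write a kubes deployment file, it cannot pull the image from the private registry and fails.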
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: ssh-deployment
spec:
  template:
    metadata:
      labels:
        app: helloworld
    spec:
      containers:
      - name: ssh-demo
        image: makdom.ddns.net/my-ubuntu
        imagePullPolicy: IfNotPresent
        ports:
        - name: nodejs-port
          containerPort: 22
      imagePullSecrets:
      - name: myregistrykey
Secret:
DOCKER_REGISTRY_SERVER="https://makdom.ddns.net/v1/"
DOCKER_USER="user"
DOCKER_PASSWORD="password"
DOCKER_EMAIL="[email protected]"
kubectl create secret docker-registry myregistrykey \
--docker-server=$DOCKER_REGISTRY_SERVER \
--docker-username=$DOCKER_USER \
--docker-password=$DOCKER_PASSWORD \
--docker-email=$DOCKER_EMAIL
Error:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 1m default-scheduler Successfully assigned ssh-deployment-7b7c7bf977-m6stk to kubes-slave
Normal SuccessfulMountVolume 1m kubelet, kubes-slave MountVolume.SetUp succeeded for volume "default-token-mx7qq"
Normal Pulled 1m (x3 over 1m) kubelet, kubes-slave Container image "makdom.ddns.net/my-ubuntu" already present on machine
Normal Created 1m (x3 over 1m) kubelet, kubes-slave Created container
Normal Started 1m (x3 over 1m) kubelet, kubes-slave Started container
Normal Pulling 34s (x2 over 1m) kubelet, kubes-slave pulling image "makdom.ddns.net/my-ubuntu"
Warning Failed 34s (x2 over 1m) kubelet, kubes-slave Failed to pull image "makdom.ddns.net/my-ubuntu": rpc error: code = Unknown desc = Error: image my-ubuntu:latest not found
Warning Failed 34s (x2 over 1m) kubelet, kubes-slave Error: ErrImagePull
Warning BackOff 19s (x6 over 1m) kubelet, kubes-slave Back-off restarting failed container