蜷缩的蜗牛

OpenEBS-CStor使用指南

kbsonlong 发布于 2023-03-03 收录于 Openebs

`CStor` 存储策略

目标节点 `nodeSelector`

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
cat << EOF | kubectl apply -f -
apiVersion: cstor.openebs.io/v1
kind: CStorVolumePolicy
metadata:
  name: csi-volume-policy
  namespace: openebs
spec:
  target:
    nodeSelector:
      biz.type: test
EOF

目标节点亲和行 `affinity`

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
apiVersion: cstor.openebs.io/v1
kind: CStorVolumePolicy
metadata:
  name: csi-volume-policy
  namespace: openebs
spec:
  target:
    affinity:
      requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchExpressions:
          - key: openebs.io/target-affinity
            operator: In
            values:
            - fio-cstor                              // application-unique-label
        topologyKey: kubernetes.io/hostname
        namespaces: ["default"]

目标节点资源限制 `resources`

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
apiVersion: cstor.openebs.io/v1
kind: CStorVolumePolicy
metadata:
  name: csi-volume-policy
  namespace: openebs
spec:
  target:
    resources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"
    auxResources:
      requests:
        memory: "64Mi"
        cpu: "250m"
      limits:
        memory: "128Mi"
        cpu: "500m"

目标节点污点 `tolerations`

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
apiVersion: cstor.openebs.io/v1
kind: CStorVolumePolicy
metadata:
  name: csi-volume-policy
  namespace: openebs
spec:
  replica: {}
  target:
    tolerations:
    - key: "key1"
      operator: "Equal"
      value: "value1"
      effect: "NoSchedule"

深入Istio系列-Sidecar配置模板

kbsonlong 发布于 2023-02-24 收录于云原生

本文不讲源码，来说说 istio sidecar 配置，从而灵活的控制 sidecar 注入、资源修改等场景。

1
kubectl get cm -n istio-system istio-sidecar-injector -o yaml

先来预览一下 istio-sidecar-injector，主要包含 config 和 values 20230224165755

config

可以看到配置项有默认模板 defaultTemplates、注入策略 policy、注入选择器 alwaysInjectSelector、永不注入选择器 neverInjectSelector、injectedAnnotations 和模板内容 templates 等

关于注入策略(policy)、注入选择器(alwaysInjectSelector、neverInjectSelector)和注入注解(injectedAnnotations)可以查看 Sidecar 自动注入本文主要来了解 Sidecar 注入的模板，方便后续需要针对Sidecar 的部署调整

Kubernetes创建只读用户

kbsonlong 发布于 2023-01-12 收录于 Kubernetes

1 安装cfssl

1
2
3
4
5
6
7
8
9
mkdir -p /nfs/k8s-backup/readonly
cd /nfs/k8s-backup/readonly
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64
mv cfssl_linux-amd64 cfssl
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
mv cfssljson_linux-amd64 cfssljson
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64
mv cfssl-certinfo_linux-amd64 cfssl-certinfo
chmod +x *

2 签发客户端证书

根据ca证书和秘钥签发用户证书，kubeadm工具安装是默认生成存放在/etc/kubernetes/pki目录下

Sentry 监控 - Snuba 数据中台本地开发环境配置实战

kbsonlong 发布于 2023-01-03 收录于 Sentry

系列

克隆仓库

分别克隆 getsentry/sentry 与 getsentry/snuba：

自建k8s部署aws-Ebs-Csi-Driver

kbsonlong 发布于 2022-12-30

创建 `aws` IAM权限

1
https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/v1.13.0/docs/example-iam-policy.json

获取AK、SK

部署aws-ebs-csi-driver

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
kubectl create secret generic aws-secret \
    --namespace kube-system \
    --from-literal "key_id=${AWS_ACCESS_KEY_ID}" \
    --from-literal "access_key=${AWS_SECRET_ACCESS_KEY}"
``

```yaml
# helm repo add aws-ebs-csi-driver https://kubernetes-sigs.github.io/aws-ebs-csi-driver

# helm upgrade --install aws-ebs-csi-driver --version 2.13.0\
    --namespace kube-system \
    aws-ebs-csi-driver/aws-ebs-csi-driver \
    --set sidecars.provisioner.image.repository=registry.cn-hangzhou.aliyuncs.com/seam/csi-provisioner \
    --set sidecars.attacher.image.repository=registry.cn-hangzhou.aliyuncs.com/seam/csi-attacher \
    --set sidecars.snapshotter.image.repository=registry.cn-hangzhou.aliyuncs.com/seam/csi-snapshotter \
    --set sidecars.livenessProbe.image.repository=registry.cn-hangzhou.aliyuncs.com/seam/livenessprobe \
    --set sidecars.resizer.image.repository=registry.cn-hangzhou.aliyuncs.com/seam/csi-resizer \
    --set sidecars.nodeDriverRegistrar.image.repository=registry.cn-hangzhou.aliyuncs.com/seam/csi-node-driver-registrar \
    --set node.kubeletPath=/data/k8s/kubelet
# kubectl get pod -n kube-system -l "app.kubernetes.io/name=aws-ebs-csi-driver,app.kubernetes.io/instance=aws-ebs-csi-driver"
NAME                                 READY   STATUS    RESTARTS   AGE
ebs-csi-controller-5cbfd45dc-2fq9q   6/6     Running   0          102s
ebs-csi-controller-5cbfd45dc-jgpl9   6/6     Running   0          102s
ebs-csi-node-2s8lj                   3/3     Running   0          101s
ebs-csi-node-4jstr                   3/3     Running   0          101s
ebs-csi-node-72w69                   3/3     Running   0          101s
ebs-csi-node-759rd                   0/3     Pending   0          101s
ebs-csi-node-cq86s                   3/3     Running   0          101s
ebs-csi-node-jnfxk                   0/3     Pending   0          101s
ebs-csi-node-m48nn                   3/3     Running   0          101s

Github工作流

kbsonlong 发布于 2022-12-30

Git workflow

1. Fork in the cloud

Visit https://github.com/kubernetes/kubernetes
Click Fork button (top right) to establish a cloud-based fork.

OpenEBS性能测试

kbsonlong 发布于 2022-10-18 收录于存储

依赖说明

准备裸盘

1
2
3
4
5
6
7
root@ubuntu:~# lsblk
NAME        MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
nvme2n1     259:2    0   50G  0 disk           ### 50G未格式化磁盘
nvme1n1     259:0    0  600G  0 disk
└─nvme1n1p1 259:3    0  600G  0 part /data
nvme0n1     259:1    0   40G  0 disk
└─nvme0n1p1 259:4    0   40G  0 part /

安装iscsi

1
2
3
sudo apt-get update
sudo apt-get install open-iscsi
sudo systemctl enable --now iscsid