1. 编写的 yml 文件部署,报错,识别不了容器参数
1.1 错误信息:
Error from server (BadRequest): error when creating "apollo.yaml": Deployment in version "v1" cannot be handled as a Deployment: v1.Deployment.Spec: v1.DeploymentSpec.Template: v1.PodTemplateSpec.Spec: v1.PodSpec.Containers: []v1.Container: v1.Container.Env: []v1.EnvVar: v1.EnvVar.Value: ReadString: expects " or n, but found 8, error found in #10 byte of ...|,"value":8070},{"nam|..., bigger context ...|ntainers":[{"env":[{"name":"SERVER_PORT","value":8070},{"name":"SPRING_DATASOURCE_URL","value":"jdbc|...
Error from server (BadRequest): error when creating "apollo.yaml": Deployment in version "v1" cannot be handled as a Deployment: v1.Deployment.Spec: v1.DeploymentSpec.Template: v1.PodTemplateSpec.Spec: v1.PodSpec.Containers: []v1.Container: v1.Container.Env: []v1.EnvVar: v1.EnvVar.Value: ReadString: expects " or n, but found 8, error found in #10 byte of ...|,"value":8080},{"nam|..., bigger context ...|ntainers":[{"env":[{"name":"SERVER_PORT","value":8080},{"name":"SPRING_DATASOURCE_URL","value":"jdbc|...
Error from server (BadRequest): error when creating "apollo.yaml": Deployment in version "v1" cannot be handled as a Deployment: v1.Deployment.Spec: v1.DeploymentSpec.Template: v1.PodTemplateSpec.Spec: v1.PodSpec.Containers: []v1.Container: v1.Container.Env: []v1.EnvVar: v1.EnvVar.Value: ReadString: expects " or n, but found 8, error found in #10 byte of ...|,"value":8090},{"nam|..., bigger context ...|ntainers":[{"env":[{"name":"SERVER_PORT","value":8090},{"name":"SPRING_DATASOURCE_URL","value":"jdbc|...
[root@saaspy ~]#
1.2 yml 配置
apiVersion: v1
kind: Namespace
metadata:
name: apollo
---
apiVersion: v1
data:
.dockerconfigjson: eyJhdXRocyI6eyJodHRwOi8vc2NkaGIuZjMzMjIubmV0OjMyMDAwIjp7InVzZXJuYW1lIjoiYWRtaW4iLCJwYXNzd29yZCI6ImhlYmVuIzEyMzQ1IiwiZW1haWwiOiIzNTgxMDk0NjZAcXEuY29tIiwiYXV0aCI6IllXUnRhVzQ2YUdWaVpXNGpNVEl6TkRVPSJ9fX0=
kind: Secret
metadata:
name: secret-name
namespace: apollo
type: kubernetes.io/dockerconfigjson
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: apollo-portal
namespace: apollo
spec:
selector:
matchLabels:
app: apollo-portal
template:
metadata:
labels:
app: apollo-portal
spec:
imagePullSecrets:
- name: secret-name
containers:
- name: apollo-portal
image: scdhb.f3322.net:32000/apollo/apollo-portal:v1.8.2
imagePullPolicy: Always
ports:
- containerPort: 8070
env:
- name: SERVER_PORT
value: 8070
- name: SPRING_DATASOURCE_URL
value: jdbc:mysql://apollo-mysql:3306/ApolloPortalDB?sslMode=DISABLED&serverTimezone=Asia/Shanghai&characterEncoding=utf8&useSSL=false
- name: SPRING_DATASOURCE_USERNAME
value: root
- name: SPRING_DATASOURCE_PASSWORD
value: root
- name: DEV_META
value: http://apollo-config:8080/
---
apiVersion: v1
kind: Service
metadata:
name: apollo-portal
namespace: apollo
spec:
type: NodePort
selector:
app: apollo-portal
ports:
- name: http
port: 8070
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: apollo-config
namespace: apollo
spec:
selector:
matchLabels:
app: apollo-config
template:
metadata:
labels:
app: apollo-config
spec:
imagePullSecrets:
- name: secret-name
containers:
- name: apollo-config
image: scdhb.f3322.net:32000/apollo/apollo-config:v1.8.1
imagePullPolicy: Always
ports:
- containerPort: 8080
env:
- name: SERVER_PORT
value: 8080
- name: SPRING_DATASOURCE_URL
value: jdbc:mysql://apollo-mysql:3306/ApolloConfigDB?sslMode=DISABLED&serverTimezone=Asia/Shanghai&characterEncoding=utf8&useSSL=false
- name: SPRING_DATASOURCE_USERNAME
value: root
- name: SPRING_DATASOURCE_PASSWORD
value: root
---
apiVersion: v1
kind: Service
metadata:
name: apollo-config
namespace: apollo
spec:
type: NodePort
selector:
app: apollo-config
ports:
- name: http
port: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: apollo-admin
namespace: apollo
spec:
selector:
matchLabels:
app: apollo-admin
template:
metadata:
labels:
app: apollo-admin
spec:
imagePullSecrets:
- name: secret-name
containers:
- name: apollo-admin
image: scdhb.f3322.net:32000/apollo/apollo-admin:v1.8.1
imagePullPolicy: Always
ports:
- containerPort: 8090
env:
- name: SERVER_PORT
value: 8090
- name: SPRING_DATASOURCE_URL
value: jdbc:mysql://apollo-mysql:3306/ApolloConfigDB?sslMode=DISABLED&serverTimezone=Asia/Shanghai&characterEncoding=utf8&useSSL=false
- name: SPRING_DATASOURCE_USERNAME
value: root
- name: SPRING_DATASOURCE_PASSWORD
value: root
---
apiVersion: v1
kind: Service
metadata:
name: apollo-admin
namespace: apollo
spec:
type: NodePort
selector:
app: apollo-admin
ports:
- name: http
port: 8090
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: apollo-mysql
namespace: apollo
spec:
selector:
matchLabels:
app: apollo-mysql
template:
metadata:
labels:
app: apollo-mysql
spec:
imagePullSecrets:
- name: secret-name
containers:
- name: apollo-mysql
image: scdhb.f3322.net:32000/base-soft/mysql:release
imagePullPolicy: Always
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
value: root
---
apiVersion: v1
kind: Service
metadata:
name: apollo-mysql
namespace: apollo
spec:
type: NodePort
selector:
app: apollo-mysql
ports:
- name: http
port: 3306
1.3 部署结果
[root@saaspy ~]# kubectl delete ns apollo
namespace "apollo" deleted
[root@saaspy ~]#
[root@saaspy ~]#
[root@saaspy ~]# kubectl apply -f apollo.yaml
namespace/apollo created
secret/secret-name created
service/apollo-portal created
service/apollo-config created
service/apollo-admin created
deployment.apps/apollo-mysql created
service/apollo-mysql created
Error from server (BadRequest): error when creating "apollo.yaml": Deployment in version "v1" cannot be handled as a Deployment: v1.Deployment.Spec: v1.DeploymentSpec.Template: v1.PodTemplateSpec.Spec: v1.PodSpec.Containers: []v1.Container: v1.Container.Env: []v1.EnvVar: v1.EnvVar.Value: ReadString: expects " or n, but found 8, error found in #10 byte of ...|,"value":8070},{"nam|..., bigger context ...|ntainers":[{"env":[{"name":"SERVER_PORT","value":8070},{"name":"SPRING_DATASOURCE_URL","value":"jdbc|...
Error from server (BadRequest): error when creating "apollo.yaml": Deployment in version "v1" cannot be handled as a Deployment: v1.Deployment.Spec: v1.DeploymentSpec.Template: v1.PodTemplateSpec.Spec: v1.PodSpec.Containers: []v1.Container: v1.Container.Env: []v1.EnvVar: v1.EnvVar.Value: ReadString: expects " or n, but found 8, error found in #10 byte of ...|,"value":8080},{"nam|..., bigger context ...|ntainers":[{"env":[{"name":"SERVER_PORT","value":8080},{"name":"SPRING_DATASOURCE_URL","value":"jdbc|...
Error from server (BadRequest): error when creating "apollo.yaml": Deployment in version "v1" cannot be handled as a Deployment: v1.Deployment.Spec: v1.DeploymentSpec.Template: v1.PodTemplateSpec.Spec: v1.PodSpec.Containers: []v1.Container: v1.Container.Env: []v1.EnvVar: v1.EnvVar.Value: ReadString: expects " or n, but found 8, error found in #10 byte of ...|,"value":8090},{"nam|..., bigger context ...|ntainers":[{"env":[{"name":"SERVER_PORT","value":8090},{"name":"SPRING_DATASOURCE_URL","value":"jdbc|...
[root@saaspy ~]#
1.4 原因,及解决办法
1.4.1 原因
如果 Deployment 中使用了 env,并且 env 中有一些值是数字,就会抛出这个错误,解决办法就是将数字添加引号,类似下面截图中内容。
所以,在 deployment 中将数字类型的参数使用 “” 英文引号包裹起来。
1.4.2 解决
修改 yaml 文件
apiVersion: v1
kind: Namespace
metadata:
name: apollo
---
apiVersion: v1
data:
.dockerconfigjson: eyJhdXRocyI6eyJodHRwOi8vc2NkaGIuZjMzMjIubmV0OjMyMDAwIjp7InVzZXJuYW1lIjoiYWRtaW4iLCJwYXNzd29yZCI6ImhlYmVuIzEyMzQ1IiwiZW1haWwiOiIzNTgxMDk0NjZAcXEuY29tIiwiYXV0aCI6IllXUnRhVzQ2YUdWaVpXNGpNVEl6TkRVPSJ9fX0=
kind: Secret
metadata:
name: secret-name
namespace: apollo
type: kubernetes.io/dockerconfigjson
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: apollo-portal
namespace: apollo
spec:
selector:
matchLabels:
app: apollo-portal
template:
metadata:
labels:
app: apollo-portal
spec:
imagePullSecrets:
- name: secret-name
containers:
- name: apollo-portal
image: scdhb.f3322.net:32000/apollo/apollo-portal:v1.8.2
imagePullPolicy: Always
ports:
- containerPort: 8070
env:
- name: SERVER_PORT
value: "8070"
- name: SPRING_DATASOURCE_URL
value: "jdbc:mysql://apollo-mysql:3306/ApolloPortalDB?sslMode=DISABLED&serverTimezone=Asia/Shanghai&characterEncoding=utf8&useSSL=false"
- name: SPRING_DATASOURCE_USERNAME
value: root
- name: SPRING_DATASOURCE_PASSWORD
value: root
- name: DEV_META
value: http://apollo-config:8080/
---
apiVersion: v1
kind: Service
metadata:
name: apollo-portal
namespace: apollo
spec:
type: NodePort
selector:
app: apollo-portal
ports:
- name: http
port: 8070
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: apollo-config
namespace: apollo
spec:
selector:
matchLabels:
app: apollo-config
template:
metadata:
labels:
app: apollo-config
spec:
imagePullSecrets:
- name: secret-name
containers:
- name: apollo-config
image: scdhb.f3322.net:32000/apollo/apollo-config:v1.8.1
imagePullPolicy: Always
ports:
- containerPort: 8080
env:
- name: SERVER_PORT
value: "8080"
- name: SPRING_DATASOURCE_URL
value: "jdbc:mysql://apollo-mysql:3306/ApolloConfigDB?sslMode=DISABLED&serverTimezone=Asia/Shanghai&characterEncoding=utf8&useSSL=false"
- name: SPRING_DATASOURCE_USERNAME
value: root
- name: SPRING_DATASOURCE_PASSWORD
value: root
---
apiVersion: v1
kind: Service
metadata:
name: apollo-config
namespace: apollo
spec:
type: NodePort
selector:
app: apollo-config
ports:
- name: http
port: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: apollo-admin
namespace: apollo
spec:
selector:
matchLabels:
app: apollo-admin
template:
metadata:
labels:
app: apollo-admin
spec:
imagePullSecrets:
- name: secret-name
containers:
- name: apollo-admin
image: scdhb.f3322.net:32000/apollo/apollo-admin:v1.8.1
imagePullPolicy: Always
ports:
- containerPort: 8090
env:
- name: SERVER_PORT
value: "8090"
- name: SPRING_DATASOURCE_URL
value: "jdbc:mysql://apollo-mysql:3306/ApolloConfigDB?sslMode=DISABLED&serverTimezone=Asia/Shanghai&characterEncoding=utf8&useSSL=false"
- name: SPRING_DATASOURCE_USERNAME
value: root
- name: SPRING_DATASOURCE_PASSWORD
value: root
---
apiVersion: v1
kind: Service
metadata:
name: apollo-admin
namespace: apollo
spec:
type: NodePort
selector:
app: apollo-admin
ports:
- name: http
port: 8090
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: apollo-mysql
namespace: apollo
spec:
selector:
matchLabels:
app: apollo-mysql
template:
metadata:
labels:
app: apollo-mysql
spec:
imagePullSecrets:
- name: secret-name
containers:
- name: apollo-mysql
image: scdhb.f3322.net:32000/base-soft/mysql:release
imagePullPolicy: Always
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
value: root
---
apiVersion: v1
kind: Service
metadata:
name: apollo-mysql
namespace: apollo
spec:
type: NodePort
selector:
app: apollo-mysql
ports:
- name: http
port: 3306
运行结果:
[root@saaspy ~]# kubectl apply -f apollo.yml
namespace/apollo created
secret/secret-name created
deployment.apps/apollo-portal created
service/apollo-portal created
deployment.apps/apollo-config created
service/apollo-config created
deployment.apps/apollo-admin created
service/apollo-admin created
deployment.apps/apollo-mysql created
service/apollo-mysql created
[root@saaspy ~]#
[root@saaspy ~]#
[root@saaspy ~]# kubectl get pod,svc -n apollo
NAME READY STATUS RESTARTS AGE
pod/apollo-admin-67b5487986-4n66r 0/1 CrashLoopBackOff 4 4m6s
pod/apollo-config-585c468c59-s6ls8 0/1 CrashLoopBackOff 4 4m7s
pod/apollo-mysql-d579db4f8-mbzgs 1/1 Running 0 4m6s
pod/apollo-portal-b8697d789-x8tth 1/1 Running 5 4m7s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/apollo-admin NodePort 172.31.229.214 <none> 8090:31442/TCP 4m6s
service/apollo-config NodePort 172.31.207.54 <none> 8080:30478/TCP 4m6s
service/apollo-mysql NodePort 172.31.248.214 <none> 3306:31093/TCP 4m6s
service/apollo-portal NodePort 172.31.61.50 <none> 8070:31194/TCP 4m7s
[root@saaspy ~]#
说明,不要关注 pod 的状态失败,因为还未建立数据库。
2. k8s 建立的 mysql 远程访问问题
我的k8s是个远程环境,不知道同事怎么设置的,只可以运行部分 kubectl 的命令,有的直接报错 timeout,尤其是在 kubectl exec 命令时(后面会提到)。
2.1 mysql yaml 配置,不可远程访问数据库
apiVersion: apps/v1
kind: Deployment
metadata:
name: apollo-mysql
namespace: apollo
spec:
selector:
matchLabels:
app: apollo-mysql
template:
metadata:
labels:
app: apollo-mysql
spec:
imagePullSecrets:
- name: secret-name
containers:
- name: apollo-mysql
image: scdhb.f3322.net:32000/base-soft/mysql:release
imagePullPolicy: Always
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
value: root
---
apiVersion: v1
kind: Service
metadata:
name: apollo-mysql
namespace: apollo
spec:
type: NodePort
selector:
app: apollo-mysql
ports:
- name: http
port: 3306
mysql 能够正常运行,可是远程连接时候报错 mysql 10060 错误,知道没有权限访问,毕竟 root 是默认在 localhost 主机访问的。那么就需要修改 root@localhost(或者新建用户),然而本次不能够通过 kubectl exec 进入容器内部,于是乎想到 kubectl exec 远程执行命令(或者容器启动部署时,执行命令)。
2.2 mysql 部署时指定 command,修改 root@localhost(不行)
命令,command: [“mysql -uroot -p$(MYSQL_ROOT_PASSWORD)”, “RENAME USER root
@localhost
TO root
@%
“]
mysql yaml 配置
apiVersion: apps/v1
kind: Deployment
metadata:
name: apollo-mysql
namespace: apollo
spec:
selector:
matchLabels:
app: apollo-mysql
template:
metadata:
labels:
app: apollo-mysql
spec:
imagePullSecrets:
- name: secret-name
containers:
- name: apollo-mysql
image: scdhb.f3322.net:32000/base-soft/mysql:release
imagePullPolicy: Always
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
value: root
command: ["mysql -uroot -p$(MYSQL_ROOT_PASSWORD)", "RENAME USER `root`@`localhost` TO `root`@`%`"]
---
apiVersion: v1
kind: Service
metadata:
name: apollo-mysql
namespace: apollo
spec:
type: NodePort
selector:
app: apollo-mysql
ports:
- name: http
port: 3306
结果让人很失望,没有找到 mysql 命令(尚未分析是不是自己的 command 没有写对)
结果:
[root@saaspy ~]# kubectl describe pod/apollo-mysql-547d7cdf56-qszn5 -n apollo
Name: apollo-mysql-547d7cdf56-qszn5
Namespace: apollo
Priority: 0
Node: cn-shanghai.192.168.0.91/192.168.0.91
Start Time: Sat, 07 Aug 2021 10:47:52 +0800
Labels: app=apollo-mysql
pod-template-hash=547d7cdf56
Annotations: kubernetes.io/psp: ack.privileged
Status: Running
IP: 192.168.0.228
Controlled By: ReplicaSet/apollo-mysql-547d7cdf56
Containers:
apollo-mysql:
Container ID: docker://98cb6f79000a7d0c39a7b6aafbcd0e7ad1dffa9c4fd20b7dbfd7a23bd3f1a048
Image: scdhb.f3322.net:32000/base-soft/mysql:release
Image ID: docker-pullable://scdhb.f3322.net:32000/base-soft/mysql@sha256:4476fa792a8cd534386c23ebe70b4d931f72ad7bb60db888d3a188a6287202f2
Port: 3306/TCP
Host Port: 0/TCP
Command:
mysql -uroot -p$(MYSQL_ROOT_PASSWORD)
RENAME USER `root`@`localhost` TO `root`@`%`
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: ContainerCannotRun
Message: OCI runtime create failed: container_linux.go:346: starting container process caused "exec: \"mysql -uroot -proot\": executable file not found in $PATH": unknown
Exit Code: 127
Started: Sat, 07 Aug 2021 10:48:10 +0800
Finished: Sat, 07 Aug 2021 10:48:10 +0800
Ready: False
Restart Count: 2
Environment:
MYSQL_ROOT_PASSWORD: root
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-tvpvz (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
default-token-tvpvz:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-tvpvz
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 45s default-scheduler Successfully assigned apollo/apollo-mysql-547d7cdf56-qszn5 to cn-shanghai.192.168.0.91
Normal AllocIPSucceed 43s terway-daemon Alloc IP 192.168.0.228/24 for Pod
Warning BackOff 16s kubelet, cn-shanghai.192.168.0.91 Back-off restarting failed container
Normal Pulling 3s (x4 over 43s) kubelet, cn-shanghai.192.168.0.91 Pulling image "scdhb.f3322.net:32000/base-soft/mysql:release"
Normal Pulled 2s (x4 over 42s) kubelet, cn-shanghai.192.168.0.91 Successfully pulled image "scdhb.f3322.net:32000/base-soft/mysql:release"
Normal Created 2s (x4 over 42s) kubelet, cn-shanghai.192.168.0.91 Created container apollo-mysql
Warning Failed 2s (x4 over 42s) kubelet, cn-shanghai.192.168.0.91 Error: failed to start container "apollo-mysql": Error response from daemon: OCI runtime create failed: container_linux.go:346: starting container process caused "exec: \"mysql -uroot -proot\": executable file not found in $PATH": unknown
[root@saaspy ~]#
Warning Failed 2s (x4 over 42s) kubelet, cn-shanghai.192.168.0.91 Error: failed to start container “apollo-mysql”: Error response from daemon: OCI runtime create failed: container_linux.go:346: starting container process caused “exec: \”mysql -uroot -proot\”: executable file not found in $PATH”: unknown
这个修改 root 的命令需要在容器部署启动后(运行后)才能执行,初步怀疑是命令先于容器执行。
2.3 mysql 部署完成后,kubectl exec 直接执行命令(不进入容器)
2.3.1 kubectl exec 命令小例
[root@k3s-m1 ~]# kubectl exec -h
Execute a command in a container.
Examples:
# Get output from running 'date' command from pod mypod, using the first container by default
kubectl exec mypod -- date
# Get output from running 'date' command in ruby-container from pod mypod
kubectl exec mypod -c ruby-container -- date
# Switch to raw terminal mode, sends stdin to 'bash' in ruby-container from pod mypod
# and sends stdout/stderr from 'bash' back to the client
kubectl exec mypod -c ruby-container -i -t -- bash -il
# List contents of /usr from the first container of pod mypod and sort by modification time.
# If the command you want to execute in the pod has any flags in common (e.g. -i),
# you must use two dashes (--) to separate your command's flags/arguments.
# Also note, do not surround your command and its flags/arguments with quotes
# unless that is how you would execute it normally (i.e., do ls -t /usr, not "ls -t /usr").
kubectl exec mypod -i -t -- ls -t /usr
# Get output from running 'date' command from the first pod of the deployment mydeployment, using the first container
by default
kubectl exec deploy/mydeployment -- date
# Get output from running 'date' command from the first pod of the service myservice, using the first container by
default
kubectl exec svc/myservice -- date
Options:
-c, --container='': Container name. If omitted, the first container in the pod will be chosen
-f, --filename=[]: to use to exec into the resource
--pod-running-timeout=1m0s: The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one
pod is running
-i, --stdin=false: Pass stdin to the container
-t, --tty=false: Stdin is a TTY
Usage:
kubectl exec (POD | TYPE/NAME) [-c CONTAINER] [flags] -- COMMAND [args...] [options]
Use "kubectl options" for a list of global command-line options (applies to all commands).
[root@k3s-m1 ~]#
[root@k3s-m1 ~]# kubectl exec huawei004-mysql-base-77f6856d66-l5jw4 -n huawei004 date
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl exec [POD] -- [COMMAND] instead.
Sat Aug 7 03:12:51 UTC 2021
[root@k3s-m1 ~]#
[root@k3s-m1 ~]# kubectl exec huawei004-mysql-base-77f6856d66-l5jw4 -n huawei004 -- date
Sat Aug 7 03:13:00 UTC 2021
[root@k3s-m1 ~]#
在自己的上执行,报错 timeout
[root@saaspy ~]# kubectl exec apollo-mysql-d579db4f8-vhpwv -n apollo date
Error from server: error dialing backend: dial tcp 192.168.0.91:10250: i/o timeout
[root@saaspy ~]#
唉,还是只有采取部署时的 command,返回去分析错误原因。
2.4 解决
2.4.1 首先说明无法访问,不是 root 账号权限问题
kubectl 部署运行时的 command 属于启动前运行,故而 command 方式是不行的。
后来改变策略,重新部署成功,可以远程访问了,查看 mysql 的 user 表,远程访问是有权限的:
mysql> select Host,User from user;
+-----------+---------------+
| Host | User |
+-----------+---------------+
| % | root |
| localhost | mysql.session |
| localhost | mysql.sys |
| localhost | root |
+-----------+---------------+
4 rows in set (0.10 sec)
mysql>
2.4.2 改变 service type 为 LoadBalancer,使用 EXTERNAL-IP 访问
主要是改变了 service 的网络type类型 LoadBalancer
mysql yaml 配置(不带 cm(configMap))
apiVersion: apps/v1
kind: Deployment
metadata:
name: xh-apollo-mysql2
namespace: xh-apollo
spec:
selector:
matchLabels:
app: xh-apollo-mysql2
template:
metadata:
labels:
app: xh-apollo-mysql2
spec:
imagePullSecrets:
- name: secret-name
containers:
- name: xh-apollo-mysql2
image: scdhb.f3322.net:32000/base-soft/mysql:release
imagePullPolicy: Always
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
value: root
# command: ["RENAME USER `root`@`localhost` TO `root`@`%`"]
---
apiVersion: v1
kind: Service
metadata:
name: xh-apollo-mysql2
namespace: xh-apollo
spec:
type: LoadBalancer
selector:
app: xh-apollo-mysql2
ports:
- name: mysql-svc-port
port: 30084
targetPort: 3306
mysql yaml 配置(带 cm(configMap))
---
apiVersion: v1
kind: Service
metadata:
name: xh-apollo-admin
namespace: xh-apollo
spec:
type: NodePort
selector:
app: xh-apollo-admin
ports:
- name: http
port: 8090
---
apiVersion: v1
kind: ConfigMap
metadata:
name: xh-apollo-mysql-cm
namespace: xh-apollo
labels:
app: xh-apollo-mysql-cm
data:
my.cnf: |-
[client]
default-character-set=utf8mb4
[mysql]
default-character-set=utf8mb4
[mysqld]
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
init_connect='SET NAMES utf8mb4'
skip-character-set-client-handshake = true
max_connections=2000
secure_file_priv=/var/lib/mysql
bind-address=0.0.0.0
symbolic-links=0
sql_mode='STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: xh-apollo-mysql
namespace: xh-apollo
spec:
selector:
matchLabels:
app: xh-apollo-mysql
template:
metadata:
labels:
app: xh-apollo-mysql
spec:
imagePullSecrets:
- name: secret-name
containers:
- name: xh-apollo-mysql
image: scdhb.f3322.net:32000/base-soft/mysql:release
imagePullPolicy: Always
ports:
- containerPort: 3306
env:
- name: MYSQL_ROOT_PASSWORD
value: root
args:
- --datadir
- /var/lib/mysql
volumeMounts:
- name: config
mountPath: /etc/mysql/conf.d/my.cnf
subPath: my.cnf
volumes:
- name: config
configMap:
name: xh-apollo-mysql-cm
# command: ["RENAME USER `root`@`localhost` TO `root`@`%`"]
---
apiVersion: v1
kind: Service
metadata:
name: xh-apollo-mysql
namespace: xh-apollo
spec:
type: LoadBalancer
selector:
app: xh-apollo-mysql
ports:
- name: mysql-svc-port
port: 30083
targetPort: 3306
# nodePort: 30083
查看部署结果:
[root@saaspy ~]# kubectl get svc,pod,cm -n xh-apollo
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/xh-apollo-admin NodePort 172.31.106.174 <none> 8090:30757/TCP 4m4s
service/xh-apollo-config NodePort 172.31.36.142 <none> 8080:31979/TCP 4m4s
service/xh-apollo-mysql LoadBalancer 172.31.52.61 xx.xx.xx.xx 30083:30281/TCP 4m3s
service/xh-apollo-mysql2 LoadBalancer 172.31.135.127 xx.xx.xx.xx 30084:30247/TCP 9s
service/xh-apollo-portal NodePort 172.31.0.146 <none> 8070:30439/TCP 4m4s
NAME READY STATUS RESTARTS AGE
pod/xh-apollo-admin-b6d9d48cf-snzwz 0/1 CrashLoopBackOff 4 4m4s
pod/xh-apollo-config-599bdb7b9b-cz656 0/1 Error 5 4m4s
pod/xh-apollo-mysql-7c6856978f-2rp6n 1/1 Running 0 4m3s
pod/xh-apollo-mysql2-65f7f7956b-6kg6n 1/1 Running 0 9s
pod/xh-apollo-portal-d85bffdc-qbq4p 0/1 Error 5 4m5s
NAME DATA AGE
configmap/xh-apollo-mysql-cm 1 4m4s
[root@saaspy ~]#
访问的时候就可以通过 EXTERNAL-IP 加 port 访问啦。
3 容器内部使用 curl、ping 命令
3.1 先要查看系统 cat release 或者 cat /etc/release
bash-4.4# pwd
/opt
bash-4.4# cat /etc/*release
3.8.2
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.8.2
PRETTY_NAME="Alpine Linux v3.8"
HOME_URL="http://alpinelinux.org"
BUG_REPORT_URL="http://bugs.alpinelinux.org"
bash-4.4#
bash-4.4# cd /etc
bash-4.4# pwd
/etc
bash-4.4# cat *release
3.8.2
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.8.2
PRETTY_NAME="Alpine Linux v3.8"
HOME_URL="http://alpinelinux.org"
BUG_REPORT_URL="http://bugs.alpinelinux.org"
bash-4.4#
3.2 是否存在命令 curl 、ping
bash-4.4# curl loclahost:8080
bash: curl: command not found
bash-4.4#
bash-4.4# ping localhost
PING localhost (127.0.0.1): 56 data bytes
64 bytes from 127.0.0.1: seq=0 ttl=64 time=0.037 ms
64 bytes from 127.0.0.1: seq=1 ttl=64 time=0.094 ms
64 bytes from 127.0.0.1: seq=2 ttl=64 time=0.040 ms
^C
--- localhost ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 0.037/0.057/0.094 ms
bash-4.4#
3.3 Alpine Linux v3.8 安装 curl
1.设置国内镜像源
sed -i 's/dl-cdn.alpinelinux.org/mirrors.ustc.edu.cn/g' /etc/apk/repositories
2.安装curl
apk add curl
3.4 其它系统
root@xh-pandora-register01-678cf8bb8d-c8bb7:/opt# ping 47.101.139.203
bash: ping: command not found
root@xh-pandora-register01-678cf8bb8d-c8bb7:/opt# cat /etc/*release
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
root@xh-pandora-register01-678cf8bb8d-c8bb7:/opt#
root@xh-pandora-register01-678cf8bb8d-c8bb7:/opt# apt update
Get:1 http://security.debian.org/debian-security buster/updates InRelease [65.4 kB]
Get:2 http://security.debian.org/debian-security buster/updates/main amd64 Packages [299 kB]
Get:3 http://deb.debian.org/debian buster InRelease [122 kB]
Get:4 http://deb.debian.org/debian buster-updates InRelease [51.9 kB]
Get:5 http://deb.debian.org/debian buster/main amd64 Packages [7907 kB]
Get:6 http://deb.debian.org/debian buster-updates/main amd64 Packages [15.2 kB]
Fetched 8460 kB in 6s (1321 kB/s)
Reading package lists... Done
Building dependency tree
Reading state information... Done
8 packages can be upgraded. Run 'apt list --upgradable' to see them.
root@xh-pandora-register01-678cf8bb8d-c8bb7:/opt#
root@xh-pandora-register01-678cf8bb8d-c8bb7:/opt# apt-get curl
E: Invalid operation curl
root@xh-pandora-register01-678cf8bb8d-c8bb7:/opt# apt-get curl -y
E: Invalid operation curl
root@xh-pandora-register01-678cf8bb8d-c8bb7:/opt# apt-get install curl -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
lsb-base
...
...
Setting up curl (7.64.0-4+deb10u2) ...
Processing triggers for libc-bin (2.28-10) ...
root@xh-pandora-register01-678cf8bb8d-c8bb7:/opt#
# ping 命令
root@xh-pandora-register01-8477d49589-p4qxl:/opt#
root@xh-pandora-register01-8477d49589-p4qxl:/opt# apt-get install inetutils-ping -y
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following package was automatically installed and is no longer required:
lsb-base
Use 'apt autoremove' to remove it.
The following additional packages will be installed:
libidn11 netbase
The following NEW packages will be installed:
inetutils-ping libidn11 netbase
0 upgraded, 3 newly installed, 0 to remove and 8 not upgraded.
Need to get 362 kB of archives.
After this operation, 718 kB of additional disk space will be used.
0% [Connecting to deb.debian.org]
Get:1 http://deb.debian.org/debian buster/main amd64 netbase all 5.6 [19.4 kB]
Get:2 http://deb.debian.org/debian buster/main amd64 libidn11 amd64 1.33-2.2 [116 kB]
Get:3 http://deb.debian.org/debian buster/main amd64 inetutils-ping amd64 2:1.9.4-7+deb10u1 [226 kB]
Fetched 362 kB in 42s (8578 B/s)
debconf: delaying package configuration, since apt-utils is not installed
Selecting previously unselected package netbase.
(Reading database ... 7067 files and directories currently installed.)
Preparing to unpack .../archives/netbase_5.6_all.deb ...
Unpacking netbase (5.6) ...
Selecting previously unselected package libidn11:amd64.
Preparing to unpack .../libidn11_1.33-2.2_amd64.deb ...
Unpacking libidn11:amd64 (1.33-2.2) ...
Selecting previously unselected package inetutils-ping.
Preparing to unpack .../inetutils-ping_2%3a1.9.4-7+deb10u1_amd64.deb ...
Unpacking inetutils-ping (2:1.9.4-7+deb10u1) ...
Setting up libidn11:amd64 (1.33-2.2) ...
Setting up netbase (5.6) ...
Setting up inetutils-ping (2:1.9.4-7+deb10u1) ...
Processing triggers for libc-bin (2.28-10) ...
root@xh-pandora-register01-8477d49589-p4qxl:/opt#
4 ack 的 pod 数量限制
4.1 选择了 terway 网络,每个节点 pod 数量有限制
k8s 在建立 pod ,需要规划分配网络,有了限制,导致不能创建 pod,大量 pod 状态为 pending。
部署服务,不能按照pod 限制的最大数量来卡死 pod 实际部署数量,要预留数量,便于容器的滚动升级(ack 在计算 pod 个数时,Terminating 也算一个,在 k8s 中,针对单一个 pod 来升级,会被计算为两个,一个创建中 containerCreating,一个终止中 terminating)。至于保留多少pod,应该根据最大的并行升级数量来算,比如,需要升级3个pod,那么就要预留 3 个pod。
若是不规划好pod预留量,有可能会导致 k8s 崩溃(删除不掉,新建不了,二者相互等待)