2023云计算国赛样题梳理

这篇具有很好参考价值的文章主要介绍了2023云计算国赛样题梳理。希望对大家有所帮助。如果存在错误或未考虑完全的地方,请大家不吝赐教,您也可以点击"举报违法"按钮提交疑问。

typora-root

模块三 公有云(40)

任务1 公有云服务搭建(5分)

3.1.1 私有网络管理

在公有云中完成虚拟私有云网络的创建。

3.1.2 云实例管理

登录公有云平台,创建两台云实例虚拟机。
3.1.3 管理数据库

使用intnetX-mysql网络创建两台chinaskill-sql-1和chinaskill-sql-2云服务器,并完成MongoDB安装。

##创建云服务器与上一步一样
##node1与node2进行一样的操作
[root@node1 ~]# vi /etc/yum.repos.d/
CentOS-Base.repo       CentOS-Debuginfo.repo  CentOS-Media.repo      CentOS-Vault.repo      epel.repo.rpmnew
CentOS-CR.repo         CentOS-fasttrack.repo  CentOS-Sources.repo    epel.repo              epel-testing.repo
[root@node1 ~]# vi /etc/yum.repos.d/mongodb-org-4.0.repo
[root@node1 ~]# cat /etc/yum.repos.d/mongodb-org-4.0.repo 
[mngodb-org]
name=MongoDB Repository
baseurl=http://mirrors.aliyun.com/mongodb/yum/redhat/7Server/mongodb-org/4.0/x86_64/
gpgcheck=0
enabled=1
[root@node1 ~]# yum install mongodb-org -y 
[root@node1 ~]# systemctl start mongod
[root@node1 ~]# systemctl enable mongod
[root@node1 ~]# systemctl status mongod
● mongod.service - MongoDB Database Server
   Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2023-04-27 10:26:16 CST; 12s ago
     Docs: https://docs.mongodb.org/manual
 Main PID: 8365 (mongod)
   CGroup: /system.slice/mongod.service
           └─8365 /usr/bin/mongod -f /etc/mongod.conf

Apr 27 10:26:15 node1 systemd[1]: Starting MongoDB Database Server...
Apr 27 10:26:15 node1 mongod[8362]: about to fork child process, waiting until server is ready for connections.
Apr 27 10:26:15 node1 mongod[8362]: forked process: 8365
Apr 27 10:26:16 node1 mongod[8362]: child process started successfully, parent exiting
Apr 27 10:26:16 node1 systemd[1]: Started MongoDB Database Server.

3.1.4 主从数据库

在chinaskill-sql-1和chinaskill-sql-2云服务器中配置MongoDB主从数据库。

#修改配置文件
[root@node1 ~]# vi /etc/mongod.conf 
bindIp: 0.0.0.0
replication:
  replSetName: test
#重启服务
[root@node1 ~]# systemctl restart mongod.service
#查看集群状态
[root@node1 ~]# mongo
> rs.status()
{
	"ok" : 0,
	"errmsg" : "no replset config has been received",
	"code" : 94,
	"codeName" : "NotYetInitialized"
}
> 
两个节点都和上图一样说明复制集正常启动了
#定义一个有关于主从同步的变量
> var config={_id:"test",members:
... [{_id:0,host:"172.16.2.197:27017"},
... {_id:1,host:"172.16.2.145:27017"}]}
> rs.initiate(config)
#初始化MongoDB的主从配置
> rs.initiate(config)
{ "ok" : 1 }
#查看状态
> rs.status()
{
        "set" : "test",
        "date" : ISODate("2023-04-27T02:38:55.312Z"),
        "myState" : 2,
        "term" : NumberLong(1),
        "syncingTo" : "172.16.2.197:27017",
        "syncSourceHost" : "172.16.2.197:27017",
        "syncSourceId" : 0,
        "heartbeatIntervalMillis" : NumberLong(2000),
        "optimes" : {
                "lastCommittedOpTime" : {
                        "ts" : Timestamp(1682563127, 1),
                        "t" : NumberLong(1)
                },
                "readConcernMajorityOpTime" : {
                        "ts" : Timestamp(1682563127, 1),
                        "t" : NumberLong(1)
                },
                "appliedOpTime" : {
                        "ts" : Timestamp(1682563127, 1),
                        "t" : NumberLong(1)
                },
                "durableOpTime" : {
                        "ts" : Timestamp(1682563127, 1),
                        "t" : NumberLong(1)
                }
        },
        "lastStableCheckpointTimestamp" : Timestamp(1682563087, 6),
        "electionParticipantMetrics" : {
                "votedForCandidate" : true,
                "electionTerm" : NumberLong(1),
                "lastVoteDate" : ISODate("2023-04-27T02:38:07.656Z"),
                "electionCandidateMemberId" : 0,
                "voteReason" : "",
                "lastAppliedOpTimeAtElection" : {
                        "ts" : Timestamp(1682563077, 1),
                        "t" : NumberLong(-1)
                },
                "maxAppliedOpTimeInSet" : {
                        "ts" : Timestamp(1682563077, 1),
                        "t" : NumberLong(-1)
                },
                "priorityAtElection" : 1,
                "newTermStartDate" : ISODate("2023-04-27T02:38:07.657Z"),
                "newTermAppliedDate" : ISODate("2023-04-27T02:38:08.145Z")
        },
        "members" : [
                {
                        "_id" : 0,
                        "name" : "172.16.2.197:27017",
                        "health" : 1,
                        "state" : 1,
                        "stateStr" : "PRIMARY",
                        "uptime" : 56,
                        "optime" : {
                                "ts" : Timestamp(1682563127, 1),
                                "t" : NumberLong(1)
                        },
                        "optimeDurable" : {
                                "ts" : Timestamp(1682563127, 1),
                                "t" : NumberLong(1)
                        },
                        "optimeDate" : ISODate("2023-04-27T02:38:47Z"),
                        "optimeDurableDate" : ISODate("2023-04-27T02:38:47Z"),
                        "lastHeartbeat" : ISODate("2023-04-27T02:38:54.642Z"),
                        "lastHeartbeatRecv" : ISODate("2023-04-27T02:38:53.657Z"),
                        "pingMs" : NumberLong(0),
                        "lastHeartbeatMessage" : "",
                        "syncingTo" : "",
                        "syncSourceHost" : "",
                        "syncSourceId" : -1,
                        "infoMessage" : "",
                        "electionTime" : Timestamp(1682563087, 1),
                        "electionDate" : ISODate("2023-04-27T02:38:07Z"),
                        "configVersion" : 1
                },
                {
                        "_id" : 1,
                        "name" : "172.16.2.145:27017",
                        "health" : 1,
                        "state" : 2,
                        "stateStr" : "SECONDARY",
                        "uptime" : 323,
                        "optime" : {
                                "ts" : Timestamp(1682563127, 1),
                                "t" : NumberLong(1)
                        },
                        "optimeDate" : ISODate("2023-04-27T02:38:47Z"),
                        "syncingTo" : "172.16.2.197:27017",
                        "syncSourceHost" : "172.16.2.197:27017",
                        "syncSourceId" : 0,
                        "infoMessage" : "",
                        "configVersion" : 1,
                        "self" : true,
                        "lastHeartbeatMessage" : ""
                }
        ],
        "ok" : 1,
        "operationTime" : Timestamp(1682563127, 1),
        "$clusterTime" : {
                "clusterTime" : Timestamp(1682563127, 1),
                "signature" : {
                        "hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
                        "keyId" : NumberLong(0)
                }
        }
}
test:SECONDARY> 

#从节点查看
[root@node2]# mongo
> rs.status()
{
	"set" : "test",
	"date" : ISODate("2022-09-25T07:55:18.477Z"),
	"myState" : 2,
	"term" : NumberLong(1),
	"syncingTo" : "192.168.200.11:27017",
	"syncSourceHost" : "192.168.200.11:27017",
	"syncSourceId" : 0,
	"heartbeatIntervalMillis" : NumberLong(2000),
	"optimes" : {
		"lastCommittedOpTime" : {
			"ts" : Timestamp(1664092517, 1),
			"t" : NumberLong(1)
		},
		"readConcernMajorityOpTime" : {
			"ts" : Timestamp(1664092517, 1),
			"t" : NumberLong(1)
		},
		"appliedOpTime" : {
			"ts" : Timestamp(1664092517, 1),
			"t" : NumberLong(1)
		},
		"durableOpTime" : {
			"ts" : Timestamp(1664092517, 1),
			"t" : NumberLong(1)
		}
	},
	"lastStableCheckpointTimestamp" : Timestamp(1664092457, 7),
	"electionParticipantMetrics" : {
		"votedForCandidate" : true,
		"electionTerm" : NumberLong(1),
		"lastVoteDate" : ISODate("2022-09-25T07:54:17.523Z"),
		"electionCandidateMemberId" : 0,
		"voteReason" : "",
		"lastAppliedOpTimeAtElection" : {
			"ts" : Timestamp(1664092447, 1),
			"t" : NumberLong(-1)
		},
		"maxAppliedOpTimeInSet" : {
			"ts" : Timestamp(1664092447, 1),
			"t" : NumberLong(-1)
		},
		"priorityAtElection" : 1,
		"newTermStartDate" : ISODate("2022-09-25T07:54:17.525Z"),
		"newTermAppliedDate" : ISODate("2022-09-25T07:54:18.396Z")
	},
	"members" : [
		{
			"_id" : 0,
			"name" : "192.168.200.11:27017",
			"health" : 1,
			"state" : 1,
			"stateStr" : "PRIMARY",
			"uptime" : 69,
			"optime" : {
				"ts" : Timestamp(1664092507, 1),
				"t" : NumberLong(1)
			},
			"optimeDurable" : {
				"ts" : Timestamp(1664092507, 1),
				"t" : NumberLong(1)
			},
			"optimeDate" : ISODate("2022-09-25T07:55:07Z"),
			"optimeDurableDate" : ISODate("2022-09-25T07:55:07Z"),
			"lastHeartbeat" : ISODate("2022-09-25T07:55:16.508Z"),
			"lastHeartbeatRecv" : ISODate("2022-09-25T07:55:17.618Z"),
			"pingMs" : NumberLong(0),
			"lastHeartbeatMessage" : "",
			"syncingTo" : "",
			"syncSourceHost" : "",
			"syncSourceId" : -1,
			"infoMessage" : "",
			"electionTime" : Timestamp(1664092457, 1),
			"electionDate" : ISODate("2022-09-25T07:54:17Z"),
			"configVersion" : 1
		},
		{
			"_id" : 1,
			"name" : "192.168.200.12:27017",
			"health" : 1,
			"state" : 2,
			"stateStr" : "SECONDARY",
			"uptime" : 669,
			"optime" : {
				"ts" : Timestamp(1664092517, 1),
				"t" : NumberLong(1)
			},
			"optimeDate" : ISODate("2022-09-25T07:55:17Z"),
			"syncingTo" : "192.168.200.11:27017",
			"syncSourceHost" : "192.168.200.11:27017",
			"syncSourceId" : 0,
			"infoMessage" : "",
			"configVersion" : 1,
			"self" : true,
			"lastHeartbeatMessage" : ""
		}
	],
	"ok" : 1,
	"operationTime" : Timestamp(1664092517, 1),
	"$clusterTime" : {
		"clusterTime" : Timestamp(1664092517, 1),
		"signature" : {
			"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
			"keyId" : NumberLong(0)
		}
	}
}
test:SECONDARY> 
#验证主从
##在主库上,我们来创建数据
test:PRIMARY> use test
switched to db test
test:PRIMARY> db.createCollection("test")
{
	"ok" : 1,
	"operationTime" : Timestamp(1664092674, 1),
	"$clusterTime" : {
		"clusterTime" : Timestamp(1664092674, 1),
		"signature" : {
			"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
			"keyId" : NumberLong(0)
		}
	}
}
test:PRIMARY> show databases
admin   0.000GB
config  0.000GB
local   0.000GB
test    0.000GB
#接下来,我们来到从库上,来查看我们在主库上创建的结果是否出现在了从库上。
test:SECONDARY> show dbs
2022-09-25T15:58:54.336+0800 E QUERY    [js] Error: listDatabases failed:{
	"operationTime" : Timestamp(1664092727, 1),
	"ok" : 0,
	"errmsg" : "not master and slaveOk=false",
	"code" : 13435,
	"codeName" : "NotMasterNoSlaveOk",
	"$clusterTime" : {
		"clusterTime" : Timestamp(1664092727, 1),
		"signature" : {
			"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
			"keyId" : NumberLong(0)
		}
	}
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:151:1
shellHelper.show@src/mongo/shell/utils.js:882:13
shellHelper@src/mongo/shell/utils.js:766:15
@(shellhelp2):1:1
#从上图可以看出,我们在从库上查询的操作失败,这是因为在配置了MongoDB的主从同步后,在MongoDB的从库上,没有读和写的权限,因此我们无法查看数据。
#设置从节点可读
test:SECONDARY> db.getMongo().setSlaveOk()
#同步成功
test:SECONDARY> show dbs
admin   0.000GB
config  0.000GB
local   0.000GB
test    0.000

  

3.1.5 node环境管理

使用提供的压缩文件,安装Node.js环境。

[root@chinaskill-node-1-0002 ~]# wget https://nodejs.org/dist/v13.11.0/node-v13.11.0-linux-x64.tar.xz
--2023-05-04 08:41:12--  https://nodejs.org/dist/v13.11.0/node-v13.11.0-linux-x64.tar.xz
Resolving nodejs.org (nodejs.org)... 104.20.22.46, 104.20.23.46, 2606:4700:10::6814:172e, ...
Connecting to nodejs.org (nodejs.org)|104.20.22.46|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 21225324 (20M) [application/x-xz]
Saving to: ‘node-v13.11.0-linux-x64.tar.xz’

100%[==================================================================>] 21,225,324  1.36MB/s   in 16s    

2023-05-04 08:41:29 (1.30 MB/s) - ‘node-v13.11.0-linux-x64.tar.xz’ saved [21225324/21225324]

[root@chinaskill-node-1-0002 ~]# ll
total 20728
-rw-r--r-- 1 root root 21225324 Mar 12  2020 node-v13.11.0-linux-x64.tar.xz
[root@chinaskill-node-1-0002 ~]# tar -xvf node-v13.11.0-linux-x64.tar.xz 
[root@chinaskill-node-1-0002 ~]# ll
total 20732
drwxr-xr-x 6 1001 1001     4096 Mar 12  2020 node-v13.11.0-linux-x64
-rw-r--r-- 1 root root 21225324 Mar 12  2020 node-v13.11.0-linux-x64.tar.xz
[root@chinaskill-node-1-0002 ~]# cd node-v13.11.0-linux-x64
[root@chinaskill-node-1-0002 node-v13.11.0-linux-x64]# ll
total 176
drwxr-xr-x 2 1001 1001  4096 Mar 12  2020 bin
-rw-r--r-- 1 1001 1001 54110 Mar 12  2020 CHANGELOG.md
drwxr-xr-x 3 1001 1001  4096 Mar 12  2020 include
drwxr-xr-x 3 1001 1001  4096 Mar 12  2020 lib
-rw-r--r-- 1 1001 1001 77130 Mar 12  2020 LICENSE
-rw-r--r-- 1 1001 1001 26524 Mar 12  2020 README.md
drwxr-xr-x 5 1001 1001  4096 Mar 12  2020 share
[root@chinaskill-node-1-0002 node-v13.11.0-linux-x64]# cd bin/
[root@chinaskill-node-1-0002 bin]#  ./node -v
v13.11.0
[root@chinaskill-node-1-0002 ~]#  ln -s /root/node-v13.11.0-linux-x64/bin/node /usr/local/bin/node
[root@chinaskill-node-1-0002 ~]#  ln -s /root/node-v13.11.0-linux-x64/bin/npm /usr/local/bin/npm
[root@chinaskill-node-1-0002 ~]# node -v
v13.11.0

3.1.6 安全组管理

3.1.7 RocketChat上云

使用http服务器提供文件,将Rocket.Chat应用部署上云。

##上传rocketchat-cloud.tar.gz,进行解压
[root@chinaskill-node-1-0002 ~]# tar -xvf rocketchat-cloud.tar.gz
[root@chinaskill-node-1-0002 ~]# cd rocketchat
[root@chinaskill-node-1-0002 rocketchat]# ll
total 304780
drwxr-xr-x 2 root root      4096 Sep 28  2022 mongodb
drwxr-xr-x 2 root root      4096 Sep 28  2022 node
-rw-r--r-- 1 root root 167869971 Sep 28  2022 rocket.chat.tgz
-rw-r--r-- 1 root root 144210495 Sep 28  2022 yum.tar.gz
[root@chinaskill-node-1-0002 rocketchat]# cd node/
[root@chinaskill-node-1-0002 node]# ll
total 22592
-rw-r--r-- 1 root root 23131523 Apr  5  2022 node-v12.22.12-linux-x64.tar.gz
[root@chinaskill-node-1-0002 node]# 
[root@chinaskill-node-1-0002 node]# tar -zxvf node-v12.22.12-linux-x64.tar.gz -C /root/node
##修改环境变量S
[root@chinaskill-node-1-0002 node]# tail -1 /etc/profile
export PATH=/root/node/node-v12.22.12-linux-x64/bin:$PATH
[root@chinaskill-node-1-0002 node]# node -v
v12.22.12
[root@chinaskill-node-1-0002 node]# 
#安装依赖
[root@chinaskill-node-1-0002 ~]# yum install -y gcc-c++ make
[root@chinaskill-node-1-0002 ~]# yum install -y epel-release  GraphicsMagick
##解压rocket.chat.tgz软件包
[root@chinaskill-node-1-0002 rocketchat]# npm config set registry https://registry.npmmirror.com/
[root@chinaskill-node-1-0002 rocketchat]# npm config set ELECTRON_MIRROR https://cdn.npmmirror.com/dist/electron/
#打包
cd /tmp/bundle/programs/server/
npm install
#移到/opt并命名Rocket.Chat
mv /tmp/bundle /opt/Rocket.Chat
#添加用户
useradd -M rocketchat && usermod -L rocketchat
#赋予权限
chown -R rocketchat:rocketchat /opt/Rocket.Chat
#
[root@rocket Rocket.Chat]# vi /lib/systemd/system/rocketchat.service

[Unit]
Description=The Rocket.Chat server
After=network.target remote-fs.target nss-lookup.target nginx.service mongod.service
[Service]
ExecStart=/usr/local/node/bin/node  /opt/Rocket.Chat/main.js
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=rocketchat
User=rocketchat
Environment=MONGO_URL=mongodb://192.168.1.182:27017/rocketchat?replicaSet=rs01 MONGO_OPLOG_URL=mongodb://192.168.1.182:27017/local?replicaSet=rs01 ROOT_URL=http://localhost:3000/ PORT=3000
[Install]
WantedBy=multi-user.target
#启动
[root@rocket Rocket.Chat]# systemctl start rocketchat
[root@rocket Rocket.Chat]# systemctl status rocketchat
● rocketchat.service - The Rocket.Chat server
   Loaded: loaded (/usr/lib/systemd/system/rocketchat.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2022-10-03 14:43:40 CST; 1min 54s ago
 Main PID: 8973 (node)
   CGroup: /system.slice/rocketchat.service
           └─8973 /usr/local/node/bin/node /opt/Rocket.Chat/main.js

Oct 03 14:44:00 rocket rocketchat[8973]: |       MongoDB Engine: wiredTiger              |
Oct 03 14:44:00 rocket rocketchat[8973]: |             Platform: linux                   |
Oct 03 14:44:00 rocket rocketchat[8973]: |         Process Port: 3000                    |
Oct 03 14:44:00 rocket rocketchat[8973]: |             Site URL: http://localhost:3000/  |
Oct 03 14:44:00 rocket rocketchat[8973]: |     ReplicaSet OpLog: Enabled                 |
Oct 03 14:44:00 rocket rocketchat[8973]: |          Commit Hash: 9b685693fb              |
Oct 03 14:44:00 rocket rocketchat[8973]: |        Commit Branch: HEAD                    |
Oct 03 14:44:00 rocket rocketchat[8973]: |                                               |
Oct 03 14:44:00 rocket rocketchat[8973]: +-----------------------------------------------+
Oct 03 14:44:26 rocket rocketchat[8973]: (node:8973) [DEP0005] DeprecationWarning: Buffer() is deprecated due to sec...stead.
Hint: Some lines were ellipsized, use -l to show in full.

3.1.8 NAT网关

根据要求创建一个公网NAT网关。

3.1.9云服务器备份

创建一个云服务器备份存储库名为server_backup,容量为100G。将ChinaSkill-node-1云服务器制作镜像文件chinaskill-image。

3.1.10 负载均衡器

根据要求创建一个负载均衡器chinaskill-elb。

3.1.11 弹性伸缩管理

根据要求新建一个弹性伸缩启动配置。

任务2 公有云服务运维(10分)

3.2.1 云容器引擎

在公有云上,按照要求创建一个x86架构的容器云集群。

3.2.2 云容器管理

使用插件管理在kcloud容器集群中安装Dashboard可视化监控界面。

3.2.3 使用kubectl操作集群

在kcloud集群中安装kubectl命令,使用kubectl命令管理kcloud集群。

#1 安装kubectl
其实node上是已经安装了kubectl的,但是会报这个错:
[root@kcloud-server ~]# kubectl get node
The connection to the server localhost:8080 was refused - did you specify the right host or port?
#这个其实是因为没有配置文件和环境变量的原因,为了记录整个过程,我把node节点上原有的kubectl卸载了。
然后重新安装:

先配置yum源(建议使用阿里的源,华为的不好用,期待完善)

cat <<EOF > /etc/yum.repos.d/kubernetes.repo

[kubernetes]

name=Kubernetes

baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/

enabled=1

gpgcheck=1

repo_gpgcheck=1

gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

EOF

然后开始安装,注意,版本一定要和集群的版本对应
[root@kcloud-server ~]# yum install -y kubectl-1.25.1
2 下载配置文件

这个在官网的页面按照操作进行就行(链接:https://console.huaweicloud.com/cce2.0/?agencyId=07fb10cb020026b81f90c00e0ba587f6&region=cn-east-3&locale=zh-cn#/app/resource/cluster/detail/accessAPI?clusterName=test&clusterId=7631fcee-894f-11ec-b434-0255ac1002c7&type=api)

点这里:
3 安装和配置kubectl

mkdir -p $HOME/.kube
mv -f kubeconfig.json $HOME/.kube/config

4 切换kubectl的访问模式
[root@kcloud-server home]# kubectl get node
NAME          STATUS   ROLES    AGE   VERSION
172.16.1.25   Ready    <none>   14m   v1.25.3-r0-25.1.23
[root@kcloud-server home]# 

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-E0IY6a7l-1686127383485)(/k8s1.png)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-ZJQFQg5W-1686127383486)(/k8s2.png)]

3.2.4 安装Helm

使用提供的Helm软件包,在kcloud集群中安装Helm服务。

[root@kcloud-21836 ~]# tar -zxvf helm-v3.10.1-linux-amd64.tar.gz 
linux-amd64/
linux-amd64/helm
linux-amd64/LICENSE
linux-amd64/README.md     
[root@kcloud-21836 ~]# helm version
version.BuildInfo{Version:"v3.10.1", GitCommit:"9f88ccb6aee40b9a0535fcc7efea6055e1ef72c9", GitTreeState:"clean", GoVersion:"go1.18.7"}

3.2.5 根据提供的chart包mariadb-7.3.14.tgz部署mariadb服务,修改mariadb使用NodePort模式对其进行访问。

[root@kcloud-21836 ~]# helm install mariadb mariadb/
NAME: mariadb
LAST DEPLOYED: Wed May 31 14:53:45 2023
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
[root@kcloud-21836 ~]# kubectl get pods
NAME                         READY   STATUS    RESTARTS   AGE
mariadb-848b94c775-d8np4     1/1     Running   0          29s
mysql-5c6c7986f5-4kr5b       1/1     Running   0          16m
nginx-d5f959df4-4lm2s        1/1     Running   0          6m26s
wordpress-7f9587fb4f-rrncz   1/1     Running   0          16m
[root@kcloud-21836 ~]# kubectl get svc |grep mariadb
mariadb      NodePort    10.247.206.107   <none>        3306:32334/TCP   11m

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-EXoqGGhZ-1686127383486)(/mariadb1.png)]

3.2.6 在k8s集群中创建mariadb命名空间,根据提供的chart包mariadb-7.3.14.tgz修改其配置,使用NodePort模式对其进行访问。

[root@kcloud-21836 ~]# cat mariadbnamespace.yaml 
apiVersion: v1
kind: Namespace
metadata:
  name: mariadb
[root@kcloud-21836 ~]# kubectl create -f mariadbnamespace.yaml 
namespace/mariadb created
[root@kcloud-21836 ~]# helm install mariadb mariadb/ -n mariadb
NAME: mariadb
LAST DEPLOYED: Wed May 31 15:09:27 2023
NAMESPACE: mariadb
STATUS: deployed
REVISION: 1
TEST SUITE: None
[root@kcloud-21836 ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
kubernetes   ClusterIP   10.247.0.1       <none>        443/TCP          46m
mariadb      NodePort    10.247.206.107   <none>        3306:32334/TCP   15m
mysql        ClusterIP   10.247.202.181   <none>        3306/TCP         31m
nginx        NodePort    10.247.77.152    <none>        80:30880/TCP     21m
wordpress    NodePort    10.247.202.57    <none>        80:30417/TCP     31m
[root@kcloud-21836 ~]# kubectl get namespace
NAME              STATUS   AGE
default           Active   46m
kube-node-lease   Active   46m
kube-public       Active   46m
kube-system       Active   46m
mariadb           Active   6m4s
[root@kcloud-21836 ~]# kubectl get svc -n mariadb
NAME      TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
mariadb   NodePort   10.247.14.17   <none>        3306:32304/TCP   37s

3.2.7 云硬盘存储卷

按照要求购买云硬盘存储卷。

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-IYSsUO5j-1686127383487)(/云硬盘1.png)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-qknboSop-1686127383487)(/云硬盘2.png)]

3.2.8 多容器Pod管理

在kcloud集群节点/root目录下编写YAML文件mu-pod.yaml,要求一个pod中包含两个容器。

[root@kcloud-server ~]# vi mu-pod.yaml 

apiVersion: v1
kind: Pod
metadata:
  name: mu-pod
  namespace: default
spec:
  containers:
    - name: containers01
      image: nginx
      ports:
        - name: http
          containerPort: 80
    - name: containers02
      image: tomcat
      ports:
        - name: tomcat
          containerPort: 80

3.2.9 Namespace管理

在kcloud集群节点/root目录下编写YAML文件my-namespace.yaml并创建namespace。

[root@kcloud-server ~]# vi  my-namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: test

3.2.10 Secrets管理–Opaque

在master节点/root目录下编写YAML文件secret.yaml,要求执行文件创建密钥。

[root@kcloud-server ~]# vi secret.yaml

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
  namespace: default
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
type: Opaque

3.2.11 私有仓库管理

在master节点添加搭建的本地私有chart仓库源,并上传wordpress-13.0.23.tgz包至chartmuseum私有仓库中。可以使用本地仓库chart源部署应用。

#为/data/charts授予777权限
chmod 777 /data/charts/
#查看svc
[root@kcloud-server ~]# kubectl get svc -n chartmuseum
NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
chartmuseum   ClusterIP   10.247.199.133   <none>        8080/TCP   24m

#添加本地仓库源,name 为 chartmuseum
[root@kcloud-server ~]# helm repo add chartmuseum http://10.247.199.133:8080
"chartmuseum" has been added to your repositories
[root@kcloud-server ~]# helm repo list
NAME       	URL                       
chartmuseum	http://10.247.199.133:8080
#上传wordpress-13.0.23.tgz 包至 chartmuseum 私有仓库中
[root@kcloud-server ~]# curl --data-binary "@wordpress-13.0.23.tgz" http://10.247.199.133:8080/api/charts
{"saved":true}[root@kcloud-server ~]# 
#更新仓库
[root@kcloud-server ~]# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "chartmuseum" chart repository
Update Complete. ⎈ Happy Helming!#列出
[root@kcloud-server ~]# helm search repo wordpress
NAME                 	CHART VERSION	APP VERSION	DESCRIPTION                                       
chartmuseum/wordpress	13.0.23      	5.9.2      	WordPress is the world's most popular blogging ...

#/data/charts/目录查看
[root@kcloud-server charts]# ls
index-cache.yaml  wordpress-13.0.23.tgz

3.2.12 公有云安全:入侵检测系统

使用提供的makechk.tar.gz包安装chkrootkit入侵检测工具,安装完毕后使用chkrootkit工具扫描系。

#购买centos7.9云主机
#上传makechk.tar.gz,chkrootkit.tar.gz软件包
#解压makechk.tar.gz软件
#配置yum源
[root@ecs-cecc ~]# cat /etc/yum.repos.d/local.repo 
[local]
name=local
baseurl=file:///root/makechk
gpgcheck=0
enabled=1
[root@ecs-cecc ~]# yum makecache
#安装编译安装依赖包
[root@ecs-cecc packages]# cd /root/ && yum install -y gcc gcc-c++ make glibc*
#解压chkrootkit.tar.gz
#查看目录文件
[root@ecs-cecc ~]# cd chkrootkit-0.55/
[root@ecs-cecc chkrootkit-0.55]# ls
ACKNOWLEDGMENTS  chkdirs.c     chkproc.c   chkrootkit.lsm  chkwtmp.c  ifpromisc.c  patch   README.chklastlog  strings.c
check_wtmpx.c    chklastlog.c  chkrootkit  chkutmp.c       COPYRIGHT  Makefile     README  README.chkwtmp
#编译安装
[root@ecs-cecc chkrootkit-0.55]# make sense
cc -DHAVE_LASTLOG_H -o chklastlog chklastlog.c
cc -DHAVE_LASTLOG_H -o chkwtmp chkwtmp.c
cc -DHAVE_LASTLOG_H   -D_FILE_OFFSET_BITS=64 -o ifpromisc ifpromisc.c
cc  -o chkproc chkproc.c
cc  -o chkdirs chkdirs.c
cc  -o check_wtmpx check_wtmpx.c
cc -static  -o strings-static strings.c
cc  -o chkutmp chkutmp.c
#添加环境变量
[root@ecs-cecc ~]# cp -r chkrootkit-0.55/ /usr/local/chkrootkit
[root@ecs-cecc ~]# cd /usr/local/chkrootkit/
[root@ecs-cecc chkrootkit]# ls
ACKNOWLEDGMENTS  chkdirs     chklastlog.c  chkrootkit      chkutmp.c  COPYRIGHT    Makefile  README.chklastlog  strings-static
check_wtmpx      chkdirs.c   chkproc       chkrootkit.lsm  chkwtmp    ifpromisc    patch     README.chkwtmp
check_wtmpx.c    chklastlog  chkproc.c     chkutmp         chkwtmp.c  ifpromisc.c  README    strings.c
[root@ecs-cecc chkrootkit]# cp chkrootkit /usr/bin/
#查看版本
[root@ecs-cecc chkrootkit]# chkrootkit -V
chkrootkit version 0.55
#创建/var/log/chkrootkit/chkrootkit.log文件
[root@ecs-cecc ~]# mkdir /var/log/chkrootkit/
[root@ecs-cecc ~]# touch /var/log/chkrootkit/chkrootkit.log
#扫描系统保存至/var/log/chkrootkit/chkrootkit.log
[root@ecs-cecc ~]# chkrootkit > /var/log/chkrootkit/chkrootkit.log
#查看扫描结果
[root@ecs-cecc ~]# cat  /var/log/chkrootkit/chkrootkit.log
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not found
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not tested
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... can't exec ./strings-static, not tested
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not found
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not found
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not found
Checking `syslogd'... not tested
Checking `tar'... not infected
Checking `tcpd'... not found
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not found
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... 
/usr/lib/debug/usr/.dwz

Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for HKRK rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for Linux/Ebury - Operation Windigo ssh... not tested
Searching for 64-bit Linux Rootkit ... nothing found
Searching for 64-bit Linux Rootkit modules... nothing found
Searching for Mumblehard Linux ... nothing found
Searching for Backdoor.Linux.Mokes.a ... nothing found
Searching for Malicious TinyDNS ... nothing found
Searching for Linux.Xor.DDoS ... nothing found
Searching for Linux.Proxy.1.0 ... nothing found
Searching for CrossRAT ... nothing found
Searching for Hidden Cobra ... nothing found
Searching for Rocke Miner ... nothing found
Searching for PWNLNX4 lkm... nothing found
Searching for PWNLNX6 lkm... nothing found
Searching for Umbreon lrk... nothing found
Searching for Kinsing.a backdoor... nothing found
Searching for RotaJakiro backdoor... nothing found
Searching for suspect PHP files... nothing found
Searching for anomalies in shell history files... Warning: `//root/.bash_history
//root/.history' file size is zero
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... not tested: can't exec 
Checking `rexedcs'... not found
Checking `sniffer'... not tested: can't exec ./ifpromisc
Checking `w55808'... not infected
Checking `wted'... not tested: can't exec ./chkwtmp
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... not tested: can't exec ./chklastlog
Checking `chkutmp'... not tested: can't exec ./chkutmp
Checking `OSX_RSPLUG'... not tested

3.2.13 公有云安全:日志分析服务

然后使用提供的sepb_elk_latest.tar镜像安装ELK服务。

#上传docker-repo.tar.gz,sepb_elk_latest.tar
#解压docker-repo.tar.gz
#配置yum源安装docker
[root@ecs-cecc ~]# cat /etc/yum.repos.d/local.repo 
[local]
name=local
baseurl=file:///opt/docker-repo
gpgcheck=0
enabled=1
[root@ecs-cecc ~]# yum clean all
[root@ecs-cecc ~]# yum makecache
#安装docker
[root@ecs-cecc ~]# yum install -y docker-ce
#启动docker,设置为开机自启
[root@ecs-cecc ~]# systemctl start docker && systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
#查看状态
[root@ecs-cecc ~]# systemctl status docker
#导入镜像
[root@ecs-cecc ~]# docker load -i sepb_elk_latest.tar 
#启动elk容器(由于Elasticsearch启动需要最大虚拟内存区域数量,修改sysctl.conf文件追加vm.max_map_count=262144)
[root@ecs-cecc ~]# docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -e ES_MIN_MEM=128m -e ES_MAX_MEM=1024m -it --name elk sebp/elk:latest
[root@ecs-cecc ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS                                                                                        NAMES
1bf5111a8a0c        sebp/elk:latest     "/usr/local/bin/star…"   About a minute ago   Up About a minute   0.0.0.0:5044->5044/tcp, 0.0.0.0:5601->5601/tcp, 9300/tcp, 0.0.0.0:9200->9200/tcp, 9600/tcp   elk
[root@ecs-cecc ~]# 
#上传filebeat-7.13.2-x86_64.rpm 
#安装filebeat
[root@ecs-cecc ~]# yum install -y filebeat-7.13.2-x86_64.rpm 
#启动
[root@ecs-cecc ~]# systemctl start filebeat
#查看状态
[root@ecs-cecc ~]# systemctl status filebeat

#应用filebeat
方式一:(收集yum数据到本地文件)
[root@ecs-cecc ~]# vi /etc/filebeat/filebeat.yml 
filebeat.inputs:
- type: log
  enabled: True
  paths:
      - /var/log/yum.log
output.file:
  path: "/tmp"
  filename: "filebeat-test.txt"
 #重启filebeat服务
 [root@ecs-cecc ~]# systemctl restart filebeat
 #安装httpd服务
 [root@ecs-cecc ~]# yum install -y  httpd
 #验证
 [root@ecs-cecc tmp]# cat /tmp/filebeat-test.txt
{"@timestamp":"2022-10-16T09:20:03.410Z","@metadata":{"beat":"filebeat","type":"_doc","version":"7.13.2"},"log":{"offset":2213,"file":{"path":"/var/log/yum.log"}},"message":"Oct 16 17:20:02 Installed: httpd-2.4.6-97.el7.centos.5.x86_64","input":{"type":"log"},"host":{"hostname":"ecs-cecc","architecture":"x86_64","name":"ecs-cecc","os":{"family":"redhat","name":"CentOS Linux","kernel":"3.10.0-1160.53.1.el7.x86_64","codename":"Core","type":"linux","platform":"centos","version":"7 (Core)"},"id":"acca19161ce94d449c58923b12797030","containerized":false,"ip":["192.168.1.151","fe80::f816:3eff:fe79:d168","172.17.0.1","fe80::42:40ff:fef4:5e7","fe80::14fb:49ff:feec:ffad"],"mac":["fa:16:3e:79:d1:68","02:42:40:f4:05:e7","16:fb:49:ec:ff:ad"]},"agent":{"version":"7.13.2","hostname":"ecs-cecc","ephemeral_id":"a522699e-3e6b-44a7-b833-d14b43d2edba","id":"67d653cb-908e-418f-9356-5b7f2461dbe8","name":"ecs-cecc","type":"filebeat"},"ecs":{"version":"1.8.0"},"cloud":{"machine":{"type":"c6s.xlarge.2"},"service":{"name":"Nova"},"provider":"openstack","instance":{"name":"ecs-cecc.novalocal","id":"i-0129dc00"},"availability_zone":"cn-east-2c"}}
方式二:(收集yum数据到Elasticsearch中)
#修改配置文件
[root@ecs-cecc ~]# cat /etc/filebeat/filebeat.yml 
filebeat.inputs:
- type: log
  enabled: True
  paths:
      - /var/log/yum.log
output.elasticsearch:
  hosts: ["localhost:9200"]
#重启
[root@ecs-cecc ~]# systemctl restart filebeat  
  

3.2.14 WordPress应用部署

根据提供的chart包wordpress-13.0.23.tgz部署WordPress服务。

[root@kcloud-21836 ~]# ll
total 17768
-rw-r----- 1 root root     1532 May 31 14:25 check_env.sh
-rw-r----- 1 root root     1935 May 31 14:25 disk_filter.sh
-rw------- 1 root root 14565908 May 31 14:30 helm-v3.10.1-linux-amd64.tar.gz
drwxr-xr-x 2 3434 3434     4096 May 31 14:33 linux-amd64
drwx------ 4 root root     4096 May 31 14:36 mariadb
drwx------ 4 root root     4096 May 31 14:34 nginx
-rw-r----- 1 root root      722 May 31 14:25 print_log.sh
-rw-r----- 1 root root  3595678 Nov 29  2022 socat.tgz
drwx------ 4 root root     4096 May 31 14:34 wordpress   
[root@kcloud-21836 ~]# helm install wordpress wordpress/ 
NAME: wordpress
LAST DEPLOYED: Wed May 31 14:37:44 2023
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
[root@kcloud-21836 ~]# kubectl get pod
NAME                         READY   STATUS    RESTARTS   AGE
mysql-5c6c7986f5-4kr5b       1/1     Running   0          84s
wordpress-7f9587fb4f-rrncz   1/1     Running   0          84s
[root@kcloud-21836 ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
kubernetes   ClusterIP   10.247.0.1       <none>        443/TCP          46m
mariadb      NodePort    10.247.206.107   <none>        3306:32334/TCP   15m
mysql        ClusterIP   10.247.202.181   <none>        3306/TCP         31m
nginx        NodePort    10.247.77.152    <none>        80:30880/TCP     21m
wordpress    NodePort    10.247.202.57    <none>        80:30417/TCP     31m

3.2.15 ChartMuseum仓库部署

在k8s集群中创建chartmuseum命名空间,编写yaml文件在chartmuseum命名空间中使用chartmuseum:latest镜像创建本地私有chart仓库。

apiVersion: v1
kind: Namespace
metadata:
  name: chartmuseum
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: chartmuseum
  name: chartmuseum
  namespace: chartmuseum
spec:
  replicas: 1
  selector:
    matchLabels:
      app: chartmuseum
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: chartmuseum
    spec:
      containers:
      - image: chartmuseum/chartmuseum:latest
        imagePullPolicy: IfNotPresent
        name: chartmuseum
        ports:
        - containerPort: 8080
          protocol: TCP
        env:
        - name: DEBUG
          value: "1"
        - name: STORAGE
          value: local
        - name: STORAGE_LOCAL_ROOTDIR
          value: /charts
        resources:
          limits:
            cpu: 500m
            memory: 256Mi
          requests:
            cpu: 100m
            memory: 64Mi
        volumeMounts:
        - mountPath: /charts
          name: charts-volume
      volumes:
      - name: charts-volume
        nfs:
          path: /data/charts
          server: 192.168.200.10
      restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
  name: chartmuseum
  namespace: chartmuseum
spec:
  ports:
    - port: 8080
      protocol: TCP
      targetPort: 8080
  selector:
    app: chartmuseum

3.2.16 生命周期管理-配置Pod生命周期

登录kcloud集群节点,在default命名空间下创建一个名Pod,并进行Pod生命周期管理。

##nginx为例
apiVersion: v1
kind: Pod
metadata: 
  name: pod-hook-exec
  namespace: dev
spec:
  containers:
  - name: main-container
    image: nginx:1.17.1
    ports: 
    - name: nginx-port
      containerPort: 80
    lifecycle:
      postStart:
        exec: #在容器启动的时候执行一个命令,修改掉nginx的默认首页内容
          command: ["/bin/sh","-c","echo postStart... > /usr/share/nginx/html/index.html"]
      preStop: #在容器停止之前停止nginx服务
        exec:
          command: ["/usr/sbin/nginx","-s","quit"]

3.2.17 定时任务管理—创建定时任务

在kcloud集群节点/root目录下编写yaml文件date.yaml完成定时管理任务。

apiversion: batch/vl beta 
kind: CronJob
metadata:
	name: hello
spec:
	schedule: "*/1 * * * *"
	jobTemplate:
		spec:
			template:
				spec:
					containers:
					- name:hello
					  image:busybox
					  args:
					  - /bin/sh
					  - -C
					  - date;echo Hello from the Kubernetes cluster restartPolicy:OnFailure

3.2.18 HPA管理—创建HPA规则

在kcloud集群节点/root目录下编写YAML文件hpa.yaml,完成HPA管理。

[root@k8s-master-node1 ~]# cat web.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
[root@k8s-master-node1 ~]# cat deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        imagePullPolicy: IfNotPresent
        resources:
          requests:
            cpu: 500m  # 指定所需的 CPU 资源 request
[root@k8s-master-node1 ~]# cat hpa.yaml
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: web
  namespace: default
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web
  minReplicas: 1
  maxReplicas: 1000  #指定伸缩范围为 1–1000
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 80
  behavior:
    scaleUp:
      stabilizationWindowSeconds: 5
      policies:
      - type: Pods
        value: 9    #9倍数量的副本数
        periodSeconds: 1
    scaleDown:
      stabilizationWindowSeconds: 5  #时间窗口为 5s
      policies:
      - type: Pods
        value: 1
        periodSeconds: 1
[root@k8s-master-node1 ~]# kubectl apply -f web.yaml
[root@k8s-master-node1 ~]# kubectl apply -f deployment.yaml
[root@k8s-master-node1 ~]# kubectl apply -f hpa.yaml

3.2.19 使用Helm模板

使用赛项提供的mychart-0.1.0.tgz模板包,在kcloud集群中安装名为nginx的模板实例。文章来源地址https://www.toymoban.com/news/detail-557353.html

[root@kcloud-21836 ~]# helm install nginx nginx/ 
NAME: nginx
LAST DEPLOYED: Wed May 31 14:47:47 2023
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
[root@kcloud-21836 ~]# kubectl get pod
NAME                         READY   STATUS    RESTARTS   AGE
mysql-5c6c7986f5-4kr5b       1/1     Running   0          10m
nginx-d5f959df4-4lm2s        1/1     Running   0          9s
wordpress-7f9587fb4f-rrncz   1/1     Running   0          10m
[root@kcloud-21836 ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
kubernetes   ClusterIP   10.247.0.1       <none>        443/TCP          46m
mariadb      NodePort    10.247.206.107   <none>        3306:32334/TCP   15m
mysql        ClusterIP   10.247.202.181   <none>        3306/TCP         31m
nginx        NodePort    10.247.77.152    <none>        80:30880/TCP     21m
wordpress    NodePort    10.247.202.57    <none>        80:30417/TCP     31m

到了这里,关于2023云计算国赛样题梳理的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处: 如若内容造成侵权/违法违规/事实不符,请点击违法举报进行投诉反馈,一经查实,立即删除!

领支付宝红包 赞助服务器费用

相关文章

  • Navicat 强大的数据模型功能 | 面向数据库设计、架构和数据资产梳理等使用场景

    数据模型是用来描述数据、组织数据和对数据进行操作的一组概念和定义。根据不同的应用需求,数据模型可以分为概念模型、逻辑模型和物理模型。这些数据模型帮助数据库设计人员设计和管理数据库,以满足用户的需求。 Navicat 强大的数据模型功能主要适用于 MySQL、Ora

    2024年02月09日
    浏览(48)
  • 【数据库通关之路】 MySQL 全路线学习知识点梳理(下)

    本文是MYSQL零基础小白学习系列的第三篇文章,点此阅读 上一篇文章 文末 包邮随机送《MySQL数据库进阶实战 》 五本 (点击下方目录直达) 目的:主键是一行数据的唯一标识,要求非空且唯一 添加约束: 建完表后添加主键约束: 删除约束: 目的:保存数据时,未指定值则采

    2024年02月04日
    浏览(54)
  • 【数据库通关之路】 MySQL 全路线学习知识点梳理(上)

    这是一篇 MySQL 通关 硬核经验学习路线,包括数据库相关知识,SQL语句的使用,数据库约束,设计等。专为小白整理,针对数据库零基础的朋友们,手把手带你学习MySQL,让你轻松学会! 文末包邮送《WPS Office高效办公:数据处理与分析 》1本(点击下方目录直达),本文每+1000浏览

    2024年02月04日
    浏览(43)
  • 【数据库通关之路】 MySQL 全路线学习知识点梳理(中)

    本文是 MYSQL零基础小白学习 系列的第二篇文章,点此阅读 上一篇文章 文末包邮送《分布式中间件核心原理与RocketMQ最佳实践 》 (点击下方目录直达)一本,本文每+1000浏览额外加抽一人 需求 :设计包含如下信息的学生表,请注重数据类型、长度的合理性。 编号 姓名,姓名最

    2023年04月20日
    浏览(43)
  • 区块链国赛第一套样题(关于运维)

    基于给定服务器环境以及软件(地址\\\"/root/tools\\\"),搭建一条4节点的区块链系统并验证,具体工作内容如下: 1. 采用默认配置搭建区块链网络; 2. 通过命令验证区块链节点进程运行状况; 3. 通过命令验证区块链连接状态和共识状态日志输出。 前置准备工作:下载依赖(op

    2024年03月23日
    浏览(44)
  • 区块链国赛第二套样题(关于运维)

    基于给定服务器环境以及软件(地址“/root/tools”),使用Docker以默认配置安装单机4节点的区块链系统,并完成控制台工具的部署: 完成系统搭建配置与启动。 使用基于Docker命令查看区块链系统状态。 检查区块链系统节点node0连接状态输出。 配置控制台,管理相关证书并启

    2024年04月09日
    浏览(38)
  • 区块链国赛第四套样题(关于运维)

    通过给定区块链项目需求,进行区块链系统部署,包括系统部署、控制台部署等。通过监控工具完成对网络、节点服务的监控。最终利用业务需求规范,完成系统日志、网络参数、节点服务等系统结构的维护。 部署区块链服务器,配置管理平台参数及访问端口; 部署项目节

    2024年04月22日
    浏览(30)
  • 2023.5.14数据库设计

    项目中的文件来自B站视频(程序员青戈) https://www.bilibili.com/video/BV1U44y1W77D 数据库设计 1、article 在关系型数据库中, text 类型和 varchar 类型都是用来存储字符串的数据类型。它们之间的主要区别在于存储大小的限制和性能表现。 text 类型: 存储大小: text 类型是一种可变长

    2024年02月04日
    浏览(185)
  • 陶建辉在“2023 可信数据库发展大会”发表演讲,TDengine 入选中国数据库产业图谱

    当前,全球数字经济加速发展,数据正在成为重组全球要素资源、重塑全球经济结构、改变全球竞争格局的关键力量。数据库作为存储与处理数据的关键技术,在数字经济大浪潮下,全球数据库产业中新技术、新业态、新模式不断涌现。 7 月 4 日,由中国通信标准化协会和中

    2024年02月12日
    浏览(64)
  • 2023-08-28 数据库-并发控制-初步思考

    此前做查询优化和查询执行比较多, 一般是在一个单独的事务内考虑优化查询. 最近在做并发控制方面的事情, 一些此前考虑的较少的方面需要做更为深入的思考. 并发控制和事务的特性息息相关, 直白的说就是事务的隔离性, 但是这么理解过于肤浅, 本文做一些初步的思考. 一个

    2024年02月11日
    浏览(43)

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

博客赞助

微信扫一扫打赏

请作者喝杯咖啡吧~博客赞助

支付宝扫一扫领取红包,优惠每天领

二维码1

领取红包

二维码2

领红包