Finology Big Data Finance

Quantifying finance through big data

Environment

k8s version: v.1.16.3

dashboard: dashboard:v2.0.0-beta6

Problem description

After the K8S Dashboard is installed, the page opens in Firefox, but Google Chrome cannot load it.

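Solution

Many browsers do not accept the certificate that kubeadm generates automatically, so we need to create our own certificate.

Create a directory

It holds the certificate and related files.

mkdir key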
cd key

Generate the certificate

openssl genrsa -out dashboard.key 2048
Generating RSA private key, 2048 bit long modulus
.................+++
......+++
e is 65537 (0x10001)

# 172.16.64.229 is the IP address of the master node
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=172.16.64.229'
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
Signature ok
subject=/CN=172.16.64.229
Getting Private key

Delete the existing certificate

Note that in the new Dashboard version the namespace has changed to kubernetes-dashboard.

kubectl delete secret kubernetes-dashboard-certs -n kubernetes-dashboard
secret "kubernetes-dashboard-certs" deleted

Create the secret for the new certificate

kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt -n kubernetes-dashboard
secret/kubernetes-dashboard-certs created

Find the running pods

kubectl get pod -n kubernetes-dashboard
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-76585494d8-dzgt9   1/1     Running   0          8m20s
kubernetes-dashboard-b65488c4-rcdjh          1/1     Running   0          8m20s

Delete the pods

kubectl delete po kubernetes-dashboard-b65488c4-rcdjh -n kubernetes-dashboard
pod "kubernetes-dashboard-b65488c4-rcdjh" deleted
kubectl delete po dashboard-metrics-scraper-76585494d8-dzgt9 -n kubernetes-dashboard
pod "dashboard-metrics-scraper-76585494d8-dzgt9" deleted

When there are many pods, the following command deletes them in one batch.

kubectl get pod -n kubernetes-dashboard | grep -v NAME | awk '{print "kubectl delete po " $1 " -n kubernetes-dashboard"}' | sh

After deletion, new pods start automatically.

Now refresh the Dashboard page in Chrome again.

Click "Proceed" to continue, and the page is displayed normally.
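The certificate steps above as a script, with one change Chrome needs: Chrome matches the address against the certificate's subjectAltName and ignores CN, so the certificate below carries an IP SAN. This is an added example, not code from the original post; the function names are hypothetical and `-days 365` is an assumed lifetime (without `-days`, `openssl x509 -req` issues a certificate valid for 30 days).

```shell
#!/bin/sh
# Added example: self-signed Dashboard certificate with an IP subjectAltName.
# Function names are hypothetical; file names match the keys used in the secret.

# make_dashboard_cert IP DIR -> writes dashboard.key, dashboard.csr, dashboard.crt into DIR
make_dashboard_cert() {
    ip=$1; dir=$2
    # Keep the private key readable by its owner only.
    ( umask 077; openssl genrsa -out "$dir/dashboard.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/dashboard.key" -subj "/CN=$ip" \
        -out "$dir/dashboard.csr" || return 1
    # -extfile works on OpenSSL 1.0.2 (CentOS 7) as well as on newer releases.
    printf 'subjectAltName=IP:%s\n' "$ip" > "$dir/san.ext"
    openssl x509 -req -in "$dir/dashboard.csr" -signkey "$dir/dashboard.key" \
        -days 365 -extfile "$dir/san.ext" -out "$dir/dashboard.crt" 2>/dev/null
}

# cert_has_ip_san CERT IP -> exit 0 if CERT lists IP in its subjectAltName
cert_has_ip_san() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Subject Alternative Name' |
        grep -qFw "IP Address:$2"
}

# key_matches_cert KEY CERT -> exit 0 if both carry the same RSA modulus
key_matches_cert() {
    m=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null)
    [ -n "$m" ] && [ "$m" = "$(openssl x509 -in "$2" -noout -modulus 2>/dev/null)" ]
}

# Demo in a scratch directory, using the master IP from the page.
tmp=$(mktemp -d)
if make_dashboard_cert 172.16.64.229 "$tmp" &&
   cert_has_ip_san "$tmp/dashboard.crt" 172.16.64.229 &&
   key_matches_cert "$tmp/dashboard.key" "$tmp/dashboard.crt"; then
    echo "certificate OK: $tmp/dashboard.crt"
fi
```

The resulting dashboard.key and dashboard.crt go into the secret with the same `kubectl create secret` command shown above. Because the certificate is self-signed, the browser still has to accept or import it.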

Installing Docker with yum on CentOS 7.6

For installation from binaries, see "Installing Docker from binaries on CentOS".

Download the repo file

cd /etc/yum.repos.d/
wget http://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

Install docker

yum install -y docker-ce

Start docker

systemctl start docker

The docker services under systemd

After installing and starting docker, we can see that two systemd units have been created.

docker.service

/usr/lib/systemd/system/docker.service

[Unit]
Description=Docker Application Container Engine
Documentation=https://docs.docker.com
BindsTo=containerd.service
After=network-online.target firewalld.service containerd.service
Wants=network-online.target
Requires=docker.socket

[Service]
Type=notify
# the default is not to use systemd for cgroups because the delegate issues still
# exists and systemd currently does not support the cgroup feature set required
# for containers run by docker
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
ExecReload=/bin/kill -s HUP $MAINPID
TimeoutSec=0
RestartSec=2
Restart=always

# Note that StartLimit* options were moved from "Service" to "Unit" in systemd 229.
# Both the old, and new location are accepted by systemd 229 and up, so using the old location
# to make them work for either version of systemd.
StartLimitBurst=3

# Note that StartLimitInterval was renamed to StartLimitIntervalSec in systemd 230.
# Both the old, and new name are accepted by systemd 230 and up, so using the old name to make
# this option work for either version of systemd.
StartLimitInterval=60s

# Having non-zero Limit*s causes performance problems due to accounting overhead
# in the kernel. We recommend using cgroups to do container-local accounting.
LimitNOFILE=infinity
LimitNPROC=infinity
LimitCORE=infinity

# Comment TasksMax if your systemd version does not support it.
# Only systemd 226 and above support this option.
TasksMax=infinity

# set delegate yes so that systemd does not reset the cgroups of docker containers
Delegate=yes

# kill only the docker process, not all processes in the cgroup
KillMode=process

[Install]
WantedBy=multi-user.target

docker.socket

/usr/lib/systemd/system/docker.socket

[Unit]
Description=Docker Socket for the API
PartOf=docker.service

[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target

Processes after starting docker

root       1660      1  0 23:02 ?        00:00:03 /usr/bin/containerd
root       1820      1  0 23:13 ?        00:00:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

When running a docker command such as docker ps, we may hit the following command not found error.

sudo docker ps
[sudo] password for simon:
sudo: docker: command not found

What causes this? Let's look at the following two commands.

env | grep PATH
PATH=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/simon/.local/bin:/home/simon/bin

sudo env | grep PATH
PATH=/sbin:/bin:/usr/sbin:/usr/bin

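The PATH environment variable differs between the two. The sudo: docker: command not found error appears because the docker program cannot be found under PATH=/sbin:/bin:/usr/sbin:/usr/bin.

This can be solved by adding a docker group.

If Docker was installed from binaries, the docker group is not created automatically, so we need to create it ourselves.

sudo groupadd docker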

Then add the user to this group and restart docker.

sudo gpasswd -a simon docker
Adding user simon to group docker
sudo systemctl restart docker

Log the user in again with the docker group

newgrp docker

Now the docker command can be used normally.

One might then ask: what happens if we run a docker command without adding the user to the docker group and without sudo?

docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.38/containers/json: dial unix /var/run/docker.sock: connect: permission denied

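We find that when connecting to the socket, the file /var/run/docker.sock cannot be accessed.

The reason is that both the owner and the group of this file are root, so an ordinary user cannot access it.

ls -l /var/run/docker.sock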
srw-rw----. 1 root root 0 Nov 21 21:27 /var/run/docker.sock

However, once the ordinary user has been added to the docker group, the group of the generated /var/run/docker.sock has changed to docker, so the connection succeeds.

ls -l /var/run/docker.sock
srw-rw----. 1 root docker 0 Nov 22 09:48 docker.sock

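Of course, we did not directly solve the sudo: docker: command not found problem, but I think the above is the best practice for resolving the docker command being unusable.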
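Because dockerd runs as root (see the process list above), anyone who can open /var/run/docker.sock controls a root process, so membership in the docker group is effectively root on the host. The following added example (not part of the original post; function names are hypothetical and the sample group file is constructed) reports the socket's owner, group and mode, and lists who is in the owning group.

```shell
#!/bin/sh
# Added example: who can reach the Docker API socket?
# Function names are hypothetical. Requires GNU stat (as on CentOS).

# sock_perms PATH -> "owner:group mode", e.g. "root:docker 660"
sock_perms() { stat -c '%U:%G %a' "$1"; }

# others_can_access PATH -> exit 0 if the "other" permission digit is not 0
others_can_access() {
    case $(stat -c '%a' "$1") in
        *0) return 1 ;;
        *)  return 0 ;;
    esac
}

# group_members GROUP [FILE] -> member list from an /etc/group-format file.
# Users whose primary group is GROUP are not listed in this field.
group_members() {
    awk -F: -v g="$1" '$1 == g { print $4 }' "${2:-/etc/group}"
}

# audit_docker_sock SOCK GROUPFILE -> prints findings; exit 1 if world-accessible
audit_docker_sock() {
    sock=$1; gfile=$2
    grp=$(stat -c '%G' "$sock")
    echo "socket $sock is $(sock_perms "$sock")"
    echo "members of '$grp' with daemon access: $(group_members "$grp" "$gfile")"
    if others_can_access "$sock"; then
        echo "FINDING: socket is accessible to every local user"
        return 1
    fi
}

# Constructed sample mirroring the page: group docker with member simon.
demo=$(mktemp -d)
printf 'root:x:0:\ndocker:x:993:simon\n' > "$demo/group"
group_members docker "$demo/group"     # prints: simon

# On a host with Docker installed, audit the real socket.
if [ -S /var/run/docker.sock ]; then
    audit_docker_sock /var/run/docker.sock /etc/group || true
fi
```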
