Kubeservice博客

是非审之于己,毁誉听之于人,得失安之于数

TIPS之 Kubernetes Pod动态mount nfs方式

Kubernetes Pod动态mount nfs方式

Kubernetes Pod动态mount nfs方式 背景 为Pod 挂在一个nfs目录, 临时处理数据使用。 确保pod不重启。 验证方式 准备 nfs-server [root@xxxxx /var/lib/paascontainer/nfs]# exportfs -s /var/lib/paascontainer/nfs *(sync,wdelay,hide,no_subtree_check,sec=sys,rw,secure,no_root_squash,no_all_squash) [root@xxxxx /var/lib/paascontainer/nfs]# showmount -e 172.16.0.8 Export list

Posted by 董江 on Tuesday, October 17, 2023

TIPS之 Kubernetes kubelet 与 apiserver 断连后,依旧使用关闭连接

Kubernetes kubelet 与 apiserver 断连后,依旧使用关闭连接

Kubernetes kubelet 与 apiserver 断连后,依旧使用关闭连接 现象 表现是:通过kubelet 报错,一段时间后节点NotReady。 日志: E0906 02:03:08.585672 392662 reflector.go:123] object-"089f93c2"/"a697eaa005a-4b60b0": Failed to list *v1.ConfigMap: Get https://127.0.0.1:6443/api/v1/namespaces/089f93c2/configmaps?fieldSelector=metadata.name%3Da697eaa005a-4b60b0&limit=500&resourceVersion=0: read tcp 127.0.0.1:62060->127.0.0.1:6443: use of closed

Posted by 董江 on Tuesday, September 19, 2023

TIPS之 Kubernetes client-go 常用配置

Kubernetes client-go 常用配置

Kubernetes client-go 常用配置 第一篇: Kubernetes client-go使用方式 client-go config 配置 type Config struct { // Host must be a host string, a host:port pair, or a URL to the base of the apiserver. // If a URL is given then the (optional) Path of that URL represents a prefix that must //

Posted by 董江 on Monday, September 18, 2023

TIPS之 Kubernetes APIServer 异常504 GatewayTimeout

Kubernetes APIServer 异常504 GatewayTimeout

Kubernetes APIServer 异常 504 GatewayTimeout 问题一: Kubernetes APIServer 503 logging error output: service unavailable metrics.k8s.io/v1beta1 api-resource 不存在问题 I0908 17:58:06.013828 1 httplog.go:89] "HTTP" verb="GET" URI="/apis/metrics.k8s.io/v1beta1?timeout=32s" latency="511.066µs" userAgent="kubectl/v1.21.5 (linux/amd64) kubernetes/83c85a6" srcIP="10.253.101.202:56436" resp=503 statusStack=" goroutine 178079822 [running]: .... "

Posted by 董江 on Monday, September 11, 2023

运行时之 nydus vs estargz image format对比

nydus vs estargz image format对比

nydus vs estargz image format对比 背景 OCIv2 vs OCIv1 OCIv1是开源容器 规定的镜像格式标准(image format spec). OCIv2是解决OCIv1部分问题后,解决的镜像标准

Posted by 董江 on Monday, August 28, 2023

技术方案之 基于Cosign容器镜像签名/验证工具能力,实现Pod可信验证

基于Cosign容器镜像签名/验证工具能力,实现Pod可信验证

基于Cosign容器镜像签名/验证工具,实现K8s部署pod可信验证 腾讯云TKE集群,在23年5月,上线了一特性: Cerberus 组件支持对签名镜像进行可

Posted by 董江 on Thursday, August 3, 2023

TIPS之 Controller Manager拥塞,导致的绑定pvc的pod过慢

Controller Manager拥塞,导致的绑定pvc的pod过慢

1. 现象 线上k8s集群报警,部署带有PV/PVC的pod,pod启动完成时间长达4min+. 包括 创建PVC、创建PV,PVC变更bound状态

Posted by 董江 on Monday, July 17, 2023

TIPS之 Containerd 启动缓慢问题追查

Containerd 启动缓慢问题追查

一次Containerd 启动缓慢问题追查 div.notices { margin: 2rem 0; position: relative; } div.notices p { padding: 15px; white-space: pre-wrap; display: block; margin-top: 0rem; margin-bottom: 0rem; color: #666; } div.notices p:first-child:before { position: absolute; top: 2px; color: #fff; font-family: "Font Awesome 5 Free"; font-weight: 900; content: "\f06a"; left: 10px; } div.notices p:first-child:after { position: absolute;

Posted by Kubeservice博客 on Monday, July 3, 2023

avatar

董江, 程序猿, 爱好开源, 曾就职于百度、阿里、滴滴、华为、贝壳找房. 目前在中国移动 高级系统架构专家 | 这里主要分享工作中的点滴, 无规律、无规划、随性分享

QUICK LINKS
FEATURED TAGS
agent apiserver application bandwidth-limit cgo cgroupfs ci/cd client-go cloudnative cncf cni community container container-network-interface containerd controller coredns crd custom-controller deployment docker docker-build docker-image drop ebpf ecology egress etcd gitee github gitlab golang governance hpa http2 image ingress iptables jobs kata kata-runtime kernel kind kubelet kubenetes kubernetes library linux-os logging loki metrics monitor namespace network network-troubleshooting node nodeport pingmesh pod prestop prometheus proxyless pvc rollingupdate schedule scheduler serverless sidecar sigtrem systemd throttling timeout tools traceroute