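Knowing is easy, doing is hard: it looks like I already understand this well, but I still stumble on the details.
First, the containerization technologies. The mainstream ones today include Docker, k8s, Rancher, Harbor, and others.
Using Harbor with k8s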
After configuring the domain name and the hosts entry, we still need to configure certificate trust. There are two ways to do this. One is to list the registry under insecure-registries in /etc/docker/daemon.json, which makes Docker skip TLS certificate verification for those hosts and fall back to plain HTTP if HTTPS is unavailable:

```json
{"insecure-registries": ["www.ops.aol.com","www.ops.aol.domain"]}
```

https://www.cnblogs.com/linyouyi/p/11067414.html
https://www.shikanon.com/2019/%E8%BF%90%E7%BB%B4/%E6%90%AD%E5%BB%BA%E7%A7%81%E6%9C%89%E9%95%9C%E5%83%8F%E4%BB%93%E5%BA%93harbor-%E9%85%8D%E7%BD%AEhttps/

```bash
docker tag 1c35c4412082 www.ops.aol.com/xxx/arc:1334
docker push www.ops.aol.com/xxx/arc:1334

kubectl create secret docker-registry secret-name \
  --namespace=default \
  --docker-server=http://www.ops.aol.com \
  --docker-username=admin \
  --docker-password=xxxx \
  --docker-email=xxx@xxx.xxx
```

How the image is written in the deployment:

```
www.ops.aol.com/aaa/aaa:2.5.0a
```

https://www.jianshu.com/p/5d41d3895360
Harbor
```bash
wget https://github.com/goharbor/harbor/releases/download/v2.0.0/harbor-offline-installer-v2.0.0.tgz
# Unpack the installer; the archive extracts into ./harbor
tar -xzf harbor-offline-installer-v2.0.0.tgz
cd harbor
cp harbor.yml.tmpl harbor.yml
echo "47.111.162.xxx www.harbor.me" >> /etc/hosts

# Certificate path: /hostfs/data/cert/www.harbor.me.crt
mkdir -p /hostfs/data/cert

# CA private key and self-signed CA certificate
openssl genrsa -out ca.key 4096
openssl req -x509 -new -nodes -sha512 -days 3650 \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=www.harbor.me" \
  -key ca.key -out ca.crt

# Server private key and certificate signing request
openssl genrsa -out www.harbor.me.key 4096
openssl req -sha512 -new \
  -subj "/C=CN/ST=Beijing/L=Beijing/O=example/OU=Personal/CN=www.harbor.me" \
  -key www.harbor.me.key -out www.harbor.me.csr

# x509 v3 extensions, including the subject alternative names
cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=www.harbor.me
DNS.2=harbor
DNS.3=ks-allinone
EOF

# Sign the server certificate with the CA
openssl x509 -req -sha512 -days 3650 -extfile v3.ext \
  -CA ca.crt -CAkey ca.key -CAcreateserial \
  -in www.harbor.me.csr -out www.harbor.me.crt

# Docker reads .crt files as CA certificates and .cert files as client certificates
openssl x509 -inform PEM -in www.harbor.me.crt -out www.harbor.me.cert

# Add the certificate to the system trust store and refresh it
cp www.harbor.me.crt /etc/pki/ca-trust/source/anchors/www.harbor.me.crt
update-ca-trust

mkdir -p /etc/docker/certs.d/www.harbor.me/
cp www.harbor.me.cert /etc/docker/certs.d/www.harbor.me/
cp www.harbor.me.key /etc/docker/certs.d/www.harbor.me/
cp ca.crt /etc/docker/certs.d/www.harbor.me/

# Stop
docker-compose down -v
# Regenerate the configuration files
./prepare --with-notary --with-clair --with-chartmuseum
# Start
docker-compose up -d

docker login https://www.harbor.me
```

FYI: https://www.cnblogs.com/sanduzxcvbnm/p/11956347.html
Related commands
```bash
wget https://download.docker.com/linux/static/stable/x86_64/docker-19.03.10.tgz
tar -xvf docker-19.03.10.tgz
sudo cp docker/* /usr/bin/
sudo dockerd &

# Stop every container, then remove all stopped containers
docker stop $(docker ps -a -q)
docker rm $(docker ps -a -q)

# Fetch kubectl over HTTPS
wget https://storage.googleapis.com/kubernetes-release/release/v1.18.3/bin/linux/amd64/kubectl
chmod +x kubectl
sudo mv kubectl /usr/local/bin/kubectl
sudo ln -s /usr/local/bin/kubectl /usr/bin/kubectl

sudo curl -L https://github.com/docker/compose/releases/download/1.22.0/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
```

Deletion: https://www.cnblogs.com/jackadam/p/8567846.html
grok debug: https://www.cnblogs.com/zhzhang/p/6756934.html

```bash
docker run -d --restart=always \
  --log-driver json-file --log-opt max-size=100m --log-opt max-file=2 \
  --name kafka -p 9092:9092 \
  -e KAFKA_BROKER_ID=0 \
  -e KAFKA_ZOOKEEPER_CONNECT=x.x.x.x:2181/kafka \
  -e KAFKA_ADVERTISED_LISTENERS=PLAINTEXT://x.x.x.x:9092 \
  -e KAFKA_LISTENERS=PLAINTEXT://0.0.0.0:9092 \
  -v /etc/localtime:/etc/localtime \
  wurstmeister/kafka
```

Filebeat input:

```yaml
- type: log
  enabled: true
  paths:
    - /xxxx/call-succ.log
  tail_files: true
  fields:
    logtype: succ
```

Logstash filter:

```
filter {
  if ( [fields][logtype] == "succ" ) {
    grok {
      match => { "message" => "(?<date>\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2},\d{3}).+(?<ip>((25[0-5]\.|2[0-4]\d\.|1\d{2}\.|[1-9]?\d\.){3}(25[0-5]|2[0-4]\d|1\d{2}|[1-9]?\d)))+#/rest/(?<apiname>.*(?=/[a-z]+))/[a-z]+/(?<key>\w+(?=#))#(?<detail>.*)" }
    }
  }
}
```
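An added example, not part of the original post: it runs the grok regex from the Logstash filter (with its regex escapes written out) over two constructed log lines in Ruby. The greedy `.+` in front of the `ip` group makes the engine backtrack from the right, so the captured address loses its leading digits, while a lazy `.+?` captures it whole. The sample lines, the constant names and the `.+?` variant are assumptions, as is Ruby's regex engine behaving like grok's for this pattern.

```ruby
# Added example; sample lines and constant names are assumptions, not the post's.
# Pieces of the grok regex from the Logstash filter, with escapes written out.
HEAD = '(?<date>\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2},\d{3})'
IP   = '((25[0-5]\.|2[0-4]\d\.|1\d{2}\.|[1-9]?\d\.){3}(25[0-5]|2[0-4]\d|1\d{2}|[1-9]?\d))'
TAIL = '#/rest/(?<apiname>.*(?=/[a-z]+))/[a-z]+/(?<key>\w+(?=#))#(?<detail>.*)'

# Pattern as in the post: greedy ".+" in front of the ip group.
PAGE_PATTERN = Regexp.new(HEAD + '.+(?<ip>' + IP + ')+' + TAIL)
# Assumed variant: lazy ".+?" lets the ip group start at the first position
# where a full dotted quad can match.
LAZY_PATTERN = Regexp.new(HEAD + '.+?(?<ip>' + IP + ')+' + TAIL)

# Constructed log lines in the shape the regex expects.
SAMPLES = [
  '2020-06-01 12:00:00,123 INFO 192.168.1.10#/rest/user/query/abc123#ok',
  '2020-06-01 12:00:01,456 INFO 10.0.0.5#/rest/order/list/k_9#count=3'
].freeze

# Returns the named captures as a Hash, or nil when the line does not match.
def parse(pattern, line)
  m = pattern.match(line)
  m && m.named_captures
end

# For each line, the ip field extracted by the post's pattern and by the variant.
def compare(lines = SAMPLES)
  lines.map do |line|
    { page: parse(PAGE_PATTERN, line)&.fetch('ip'),
      lazy: parse(LAZY_PATTERN, line)&.fetch('ip') }
  end
end

compare.each_with_index do |r, i|
  puts "line #{i + 1}: page pattern ip=#{r[:page]}  lazy variant ip=#{r[:lazy]}"
end
```

A truncated address still looks like a valid IP, so downstream dashboards and alerts will accept it. Checking the pattern against known lines before deploying it is the only way to notice.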