
Detailed description

Environment requirements
Create a managed Linux cluster and add a node pool whose OS is Windows in order to use Windows nodes.

Deploy the flexvolume component to the cluster

    kind: StorageClass
    apiVersion: storage.k8s.io/v1
    metadata:
      name: alicloud-disk-common-windows
    provisioner: alicloud/disk
    parameters:
      type: cloud
      fstype: ntfs
    ---
    kind: StorageClass
    apiVersion: storage.k8s.io/v1
    metadata:
      name: alicloud-disk-efficiency-windows
    provisioner: alicloud/disk
    parameters:
      type: cloud_efficiency
      fstype: ntfs
    ---
    kind: StorageClass
    apiVersion: storage.k8s.io/v1
    metadata:
      name: alicloud-disk-ssd-windows
    provisioner: alicloud/disk
    parameters:
      type: cloud_ssd
      fstype: ntfs
    ---
    kind: StorageClass
    apiVersion: storage.k8s.io/v1
    metadata:
      name: alicloud-disk-available-windows
    provisioner: alicloud/disk
    parameters:
      type: available
      fstype: ntfs
    ---
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      name: alicloud-disk-controller-runner
    rules:
      - apiGroups: [""]
        resources: ["persistentvolumes"]
        verbs: ["get", "list", "watch", "create", "delete"]
      - apiGroups: [""]
        resources: ["persistentvolumeclaims"]
        verbs: ["get", "list", "watch", "update"]
      - apiGroups: ["storage.k8s.io"]
        resources: ["storageclasses"]
        verbs: ["get", "list", "watch"]
      - apiGroups: [""]
        resources: ["events"]
        verbs: ["list", "watch", "create", "update", "patch"]
    ---
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: alicloud-disk-controller
      namespace: kube-system
    ---
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      name: run-alicloud-disk-controller
    subjects:
      - kind: ServiceAccount
        name: alicloud-disk-controller
        namespace: kube-system
    roleRef:
      kind: ClusterRole
      name: alicloud-disk-controller-runner
      apiGroup: rbac.authorization.k8s.io
    ---
    kind: Deployment
    apiVersion: extensions/v1beta1
    metadata:
      name: alicloud-disk-controller-windows
      namespace: kube-system
    spec:
      replicas: 1
      strategy:
        type: Recreate
      template:
        metadata:
          labels:
            app: alicloud-disk-controller
        spec:
          nodeSelector:
            beta.kubernetes.io/os: windows
          tolerations:
            - key: "os"
              operator: "Equal"
              value: "windows"
              effect: "NoSchedule"
            - effect: NoSchedule
              operator: Exists
              key: node-role.kubernetes.io/master
            - effect: NoSchedule
              operator: Exists
              key: node.cloudprovider.kubernetes.io/uninitialized
          serviceAccount: alicloud-disk-controller
          serviceAccountName: alicloud-disk-controller
          containers:
            - name: alicloud-disk-controller
              image: registry.cn-hangzhou.aliyuncs.com/acs/alicloud-disk-controller:v1.12.6.64f4aa74-windows1809
              env:
                - name: OS_PLATFORM
                  value: "windows"
              volumeMounts:
                - name: cloud-config
                  mountPath: 'C:\etc\kubernetes'
                - name: logdir
                  mountPath: 'C:\var\log\alicloud'
          volumes:
            - name: cloud-config
              hostPath:
                path: 'C:\etc\kubernetes'
                type: DirectoryOrCreate
            - name: logdir
              hostPath:
                path: 'C:\var\log\alicloud'
                type: DirectoryOrCreate
    ---
    apiVersion: extensions/v1beta1
    kind: DaemonSet
    metadata:
      name: flexvolume-windows
      namespace: kube-system
      labels:
        k8s-volume: flexvolume
    spec:
      selector:
        matchLabels:
          name: acs-flexvolume
      template:
        metadata:
          labels:
            name: acs-flexvolume
        spec:
          nodeSelector:
            beta.kubernetes.io/os: windows
          tolerations:
            - key: "os"
              operator: "Equal"
              value: "windows"
              effect: "NoSchedule"
          containers:
            - name: acs-flexvolume
              image: registry.cn-hangzhou.aliyuncs.com/acs/flexvolume:v1.12.6.b4d6e53-windows1809
              imagePullPolicy: Always
              command: ["pwsh.exe"]
              args: ["-Command", "/entrypoint-windows.ps1"]
              securityContext:
                privileged: true
              env:
                - name: ACS_DISK
                  value: "true"
              resources:
                limits:
                  memory: 200Mi
                requests:
                  cpu: 100m
                  memory: 200Mi
              volumeMounts:
                - name: usrdir
                  mountPath: 'C:\host'
          volumes:
            - name: usrdir
              hostPath:
                path: 'C:\'
      updateStrategy:
        type: RollingUpdate

Verification
After deployment, apply the PVC and Deployment defined in the following YAML to verify that the storage component is available:

    kind: PersistentVolumeClaim
    apiVersion: v1
    metadata:
      name: pvc-disk
    spec:
      accessModes:
        - ReadWriteOnce
      storageClassName: alicloud-disk-ssd-windows
      resources:
        requests:
          storage: 20Gi
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: dynamic-create
      labels:
        app: nginx
    spec:
      selector:
        matchLabels:
          app: nginx
      template:
        metadata:
          labels:
            app: nginx
        spec:
          nodeSelector:
            beta.kubernetes.io/os: windows
          tolerations:
            - key: "os"
              operator: "Equal"
              value: "windows"
              effect: "NoSchedule"
          containers:
            - name: nginx
              image: registry.cn-hangzhou.aliyuncs.com/acs/flexvolume:1.11.2.2af33e7-windows1809
              command: ["pwsh.exe"]
              args: ["-Command", "start-sleep 1000"]
              volumeMounts:
                - name: disk-pvc
                  mountPath: 'C:\data'
          volumes:
            - name: disk-pvc
              persistentVolumeClaim:
                claimName: pvc-disk

If the component is working, you can see the automatically created PV:

    $ kubectl get pv
    NAME                     CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM              STORAGECLASS        REASON   AGE
    d-2zeh2yew2t48lu75joy1   20Gi       RWO            Delete           Bound    default/pvc-disk   alicloud-disk-ssd            2m46s

Environment requirements
Create a managed Linux cluster and add a node pool whose OS is Windows in order to use Windows nodes.
The logging component is already deployed in the cluster.

Add logtail for Windows nodes
Add the following item to the configmap alibaba-log-configuration in kube-system:

    ## Write the value that matches the region of the cluster
    win-log-config-path: C:\Program Files (x86)\Alibaba\Logtail\conf\{your region}\ilogtail_config.json

Deploy the daemonset for Windows nodes

    apiVersion: extensions/v1beta1
    kind: DaemonSet
    metadata:
      labels:
        k8s-app: win-logtail-ds
      name: win-logtail-ds
      namespace: kube-system
    spec:
      selector:
        matchLabels:
          k8s-app: logtail-ds
          kubernetes.io/cluster-service: "true"
          version: v1.0
      template:
        metadata:
          annotations:
            scheduler.alpha.kubernetes.io/critical-pod: ""
          labels:
            k8s-app: logtail-ds
            kubernetes.io/cluster-service: "true"
            version: v1.0
        spec:
          containers:
            - env:
                - name: ALIYUN_LOGTAIL_CONFIG
                  valueFrom:
                    configMapKeyRef:
                      key: win-log-config-path
                      name: alibaba-log-configuration
                - name: ALIYUN_LOGTAIL_USER_ID
                  valueFrom:
                    configMapKeyRef:
                      key: log-ali-uid
                      name: alibaba-log-configuration
                - name: ALIYUN_LOGTAIL_USER_DEFINED_ID
                  valueFrom:
                    configMapKeyRef:
                      key: log-machine-group
                      name: alibaba-log-configuration
                - name: ALICLOUD_LOG_DOCKER_ENV_CONFIG
                  value: "true"
                - name: ALICLOUD_LOG_ECS_FLAG
                  value: "true"
                - name: ALICLOUD_LOG_DEFAULT_PROJECT
                  valueFrom:
                    configMapKeyRef:
                      key: log-project
                      name: alibaba-log-configuration
                - name: ALICLOUD_LOG_ENDPOINT
                  valueFrom:
                    configMapKeyRef:
                      key: log-endpoint
                      name: alibaba-log-configuration
                - name: ALICLOUD_LOG_DEFAULT_MACHINE_GROUP
                  valueFrom:
                    configMapKeyRef:
                      key: log-machine-group
                      name: alibaba-log-configuration
                - name: ALIYUN_LOG_ENV_TAGS
                  value: _node_name_|_node_ip_
                - name: _node_name_
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: spec.nodeName
                - name: _node_ip_
                  valueFrom:
                    fieldRef:
                      apiVersion: v1
                      fieldPath: status.hostIP
                - name: cpu_usage_limit
                  value: "1.0"
                - name: mem_usage_limit
                  value: "512"
                - name: max_bytes_per_sec
                  value: "20971520"
                - name: send_request_concurrency
                  value: "20"
              image: registry.cn-hangzhou.aliyuncs.com/log-service/winlogtail:ltsc2019-1.0.0.10
              imagePullPolicy: IfNotPresent
              name: logtail
              resources:
                limits:
                  memory: 512Mi
                requests:
                  cpu: 100m
                  memory: 256Mi
              securityContext:
                privileged: false
              terminationMessagePath: /dev/termination-log
              terminationMessagePolicy: File
              volumeMounts:
                - mountPath: '\\\\.\pipe\docker_engine'
                  name: sock
                - mountPath: 'c:\ProgramData\docker'
                  name: root
                  readOnly: true
                - mountPath: 'c:\logtail_host'
                  name: root-c
                  readOnly: true
          nodeSelector:
            beta.kubernetes.io/os: windows
          terminationGracePeriodSeconds: 30
          tolerations:
            - effect: NoSchedule
              key: os
              operator: Equal
              value: windows
          volumes:
            - hostPath:
                path: '\\\\.\pipe\docker_engine'
              name: sock
            - hostPath:
                path: 'c:\ProgramData\docker'
              name: root
            - hostPath:
                path: 'c:\'
              name: root-c

Currently logtail only supports collecting stdout output to Log Service; support for collecting log files will be added later.

After deployment, you can use the following application to verify that it works:

    apiVersion: extensions/v1beta1
    kind: Deployment
    metadata:
      labels:
        app: logtail-test
      name: logtail-test
    spec:
      replicas: 1
      template:
        metadata:
          labels:
            app: logtail-test
          name: logtail-test
        spec:
          containers:
            - name: nanoserver
              image: mcr.microsoft.com/windows/servercore:1809
              command: ["powershell.exe"]
              args: ["ping -t 127.0.0.1 -w 10000"]
              env:
                ######### Configure environment variables ###########
                - name: aliyun_logs_logtail-stdout
                  value: stdout
                - name: aliyun_logs_logttail-tags
                  value: tag1=v1
                #################################
          nodeSelector:
            beta.kubernetes.io/os: windows
          tolerations:
            - effect: NoSchedule
              key: os
              operator: Equal
              value: windows
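
Added example (not part of the original articles or of Alibaba Cloud's code): a Python check over reduced copies of the flexvolume-windows and win-logtail-ds pod specs above, flagging the settings that expose the Windows host: the privileged flag, host drive-root mounts, and the Docker engine named pipe. The function name `audit` and the finding labels are assumptions made for this example.

```python
import re

# Reduced copies of the two DaemonSet pod specs above; paths exactly as written there.
FLEXVOLUME = {
    "containers": [{
        "name": "acs-flexvolume",
        "securityContext": {"privileged": True},
        "volumeMounts": [{"name": "usrdir", "mountPath": r"C:\host"}],
    }],
    "volumes": [{"name": "usrdir", "hostPath": {"path": "C:\\"}}],
}
LOGTAIL = {
    "containers": [{
        "name": "logtail",
        "securityContext": {"privileged": False},
        "volumeMounts": [
            {"name": "sock", "mountPath": r"\\\\.\pipe\docker_engine"},
            {"name": "root", "mountPath": r"c:\ProgramData\docker", "readOnly": True},
            {"name": "root-c", "mountPath": r"c:\logtail_host", "readOnly": True},
        ],
    }],
    "volumes": [
        {"name": "sock", "hostPath": {"path": r"\\\\.\pipe\docker_engine"}},
        {"name": "root", "hostPath": {"path": r"c:\ProgramData\docker"}},
        {"name": "root-c", "hostPath": {"path": "c:\\"}},
    ],
}

def audit(pod_spec):
    """Return sorted (container, finding) pairs; labels are this example's own."""
    host_paths = {v["name"]: v["hostPath"]["path"]
                  for v in pod_spec.get("volumes", []) if "hostPath" in v}
    findings = set()
    for c in pod_spec["containers"]:
        if c.get("securityContext", {}).get("privileged"):
            findings.add((c["name"], "privileged"))
        for m in c.get("volumeMounts", []):
            path = host_paths.get(m["name"])
            if path is None:
                continue  # not a hostPath volume
            mode = "ro" if m.get("readOnly") else "rw"
            if re.fullmatch(r"[A-Za-z]:\\?", path):
                findings.add((c["name"], "host-drive-root:" + mode))
            elif r"pipe\docker_engine" in path.lower():
                findings.add((c["name"], "docker-engine-pipe"))
            elif mode == "rw":
                findings.add((c["name"], "hostpath-rw:" + path))
    return sorted(findings)
```

A container that holds the Docker engine pipe can manage every container on the node, so `privileged: false` on the logtail container does not by itself limit its access to the host.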
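
Connect virtual node
Find "ack-virtual-node" in the application catalog of Container Service.
Fill in suitable values for the provided env, then install:

Key                       Description
ALIYUN_CLUSTERID          Cluster ID (filled in automatically)
ALIYUN_RESOURCEGROUP_ID   Resource group ID (can be left empty)
ECI_REGION                Region ID (filled in automatically)
ECI_VSWITCH               VSwitch ID (ECI Pods are attached to this VSwitch)
ECI_SECURITY_GROUP        Security group ID (ECI Pods are attached to this security group)
ECI_ACCESS_KEY            Access Key (the credential the virtual node uses to operate ECI)
ECI_SECRET_KEY            Secret Key (the credential the virtual node uses to operate ECI)

In a registered cluster, Pods on your own resources and ECI Pods created by the virtual node cannot communicate with each other by default.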
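
Find "ack-alibaba-cloud-metrics-adapter" in the application catalog of Container Service.
Fill in the three parameters AccessKeyId, AccessKeySecret and RegionId, then click "Create".
After deployment, you can refer to the example here.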
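
Connect NPD
Find "ack-node-problem-detector" in the application catalog of Container Service.
Deploying NPD requires configuring a fairly large number of parameters:

alibaba_cloud_plugins: ram_role_check does not need to be selected; select nvidia_gpu_check as appropriate
serviceaccount: enter one with relatively broad permissions in the cluster; self-built clusters usually have admin-user, and you can run kubectl -n kube-system get sa to check
env: fill in the three parameters AccessKeyId, AccessKeySecret and RegionId
sls:
  enabled: set enabled to true if events need to be archived to Log Service
  topic: enter a readable name for your cluster
  project: enter the name of the Log Service project that corresponds to your cluster
  logstore: enter an existing logstore under the project (to use the event center feature of Log Service, this must be set to k8s-event)
  internal: set to true if you have a dedicated line, otherwise set to false
dingtalk:
  enabled: set enabled to true if event alerts need to be sent to a DingTalk group
  monitorkinds: select the alert types to receive; Node is the usual choice
  token: enter the token of the DingTalk smart group assistant (not the full URL)

Create the event center
Log on to the Log Service console.
In the Log Application area, click K8s Event Center.
On the event center management page, click Add.
On the Add Event Center page, configure the relevant parameters.
Select an existing Project; you can choose an already created Project from the Project drop-down list. (Keep it consistent with the NPD parameters.)
After the configuration succeeds, the event center is ready to use.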

September 2019