Category archive: Uncategorized

Deploying the Kubernetes community Ingress Controller

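This NGINX Ingress Controller is the one produced by the Kubernetes community (https://github.com/kubernetes/ingress-nginx). Its configuration differs from that of the Ingress Controller produced by NGINX Inc. (https://github.com/nginxinc/kubernetes-ingress), which I wrote about earlier.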

Installation is very simple; just run the following command:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/mandatory.yaml

If you are not deploying in the cloud, you can enable NodePort with the following command:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/master/deploy/provider/baremetal/service-nodeport.yaml

After installation, check the status of the ingress containers with the following command:

kubectl get pods --all-namespaces -l app.kubernetes.io/name=ingress-nginx --watch

The following commands show the installed version:

POD_NAMESPACE=ingress-nginx
POD_NAME=$(kubectl get pods -n $POD_NAMESPACE -l app.kubernetes.io/name=ingress-nginx -o jsonpath='{.items[0].metadata.name}')
kubectl exec -it $POD_NAME -n $POD_NAMESPACE -- /nginx-ingress-controller --version

A typical Ingress configuration file looks like this:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test
spec:
  rules:
  - host: foo.bar.com
    http:
      paths:
      - backend:
          serviceName: s1
          servicePort: 80
  - host: bar.foo.com
    http:
      paths:
      - backend:
          serviceName: s2
          servicePort: 80

Ingress configuration for the Dashboard; k8s-dashboard-secret must be created first:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: k8s-dashboard
  namespace: kube-system
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/secure-backends: "true"

spec:
  tls:
   - secretName: k8s-dashboard-secret
  rules:
   - http:
      paths:
      - path: /dashboard
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 443

Offline deployment of OpenShift Origin 3.9

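OpenShift Origin is an open-source container cloud platform; its commercial counterpart is Red Hat OpenShift. OpenShift uses Docker as the container runtime and K8S for container orchestration, and a set of automation tools on top of these makes up the whole platform.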

Prerequisite for installing OpenShift: Docker
Edit the Docker configuration file:

cat << EOF > /etc/docker/daemon.json
{
  "registry-mirrors": ["https://registry.docker-cn.com"],
  "insecure-registries": ["172.30.0.0/16"]
}
EOF
systemctl restart docker

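Download the latest release from GitHub: https://github.com/openshift/origin/releases
This article is based on version 3.9, so download the client: openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz
Upload the downloaded file to the server, then extract it: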

tar -xvzf openshift-origin-client-tools-v3.9.0-191fece-linux-64bit.tar.gz
cp openshift-origin-client-tools-v3.9.0-191fece-linux-64bit/oc /usr/local/bin

Run the startup command, where 192.168.1.41 is the server IP. Once started, it automatically downloads the required image files.

oc cluster up --public-hostname=192.168.1.41

Once startup completes, open https://192.168.1.41:8443 in a browser and log in to access the system. The default username and password are both dev.

Connecting to squid through stunnel

Install stunnel, squid, and related packages
yum install stunnel squid openssl openssl-devel -y

Configure and enable the squid service
systemctl enable squid
systemctl start squid

Create the stunnel configuration file
cp /usr/share/doc/stunnel-4.56/stunnel.conf-sample /etc/stunnel/stunnel.conf
vi /etc/stunnel/stunnel.conf
Add the following under Service definitions
[squid]
accept = 8888
connect = 127.0.0.1:3128
cert = /etc/stunnel/stunnel.pem

Create the stunnel key
openssl genrsa -out key.pem 2048
openssl req -new -x509 -key key.pem -out cert.pem -days 3650
cat key.pem cert.pem >> /etc/stunnel/stunnel.pem

Create the stunnel runtime directory
mkdir /var/run/stunnel
chown nobody:nobody /var/run/stunnel

Create the stunnel startup script
vi /etc/systemd/system/stunnel.service
; systemd script for stunnel. Please put this file in
; /etc/systemd/system/stunnel.service or /usr/lib/systemd/system/stunnel.service
[Unit]
Description=SSL tunnel for network daemons
After=syslog.target
[Service]
ExecStart=/usr/bin/stunnel /etc/stunnel/stunnel.conf
; Stopping relies on systemd's default behaviour: SIGTERM is sent to every
; process in the unit's control group, so no ExecStop line is needed.
Type=forking
[Install]
WantedBy=multi-user.target

Configure and enable the stunnel service
systemctl enable stunnel
systemctl start stunnel

Download the stunnel client
https://www.stunnel.org/downloads.html

Edit the client's stunnel.conf and add the following under Service definitions
[squid]
client = yes
accept = 127.0.0.1:8080
connect = X.X.X.X:8888
cert = stunnel.pem
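
The server and client [squid] sections above can be checked for common stunnel gaps before they go live. The Python audit below is an added example, not part of the original post: the function names and finding labels are its own, and the two config strings are constructed copies of the sections shown above. It goes a little beyond the post by checking peer verification (verify, verifyChain, verifyPeer), which addresses accept binds to, and whether an unauthenticated tunnel ends at a loopback backend, where squid sees every tunnelled request as coming from 127.0.0.1.

```python
# Added example (not from the original post): lint stunnel service sections.
SERVER_CONF = """[squid]
accept = 8888
connect = 127.0.0.1:3128
cert = /etc/stunnel/stunnel.pem
"""
CLIENT_CONF = """[squid]
client = yes
accept = 127.0.0.1:8080
connect = X.X.X.X:8888
cert = stunnel.pem
"""

def parse(text):
    """Return {section: {option: value}}; lines before any [section] go to 'global'."""
    conf, cur = {"global": {}}, "global"
    for line in (l.strip() for l in text.splitlines()):
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            cur = line[1:-1].strip()
            conf.setdefault(cur, {})
        elif "=" in line:
            key, val = line.split("=", 1)
            conf[cur][key.strip().lower()] = val.strip()
    return conf

def verifies_peer(o):
    """True when verify is non-zero or verifyChain/verifyPeer is yes."""
    return o.get("verify", "0") != "0" or any(
        o.get(k, "no").lower() == "yes" for k in ("verifychain", "verifypeer"))

def audit(text):
    """Return sorted (section, finding) pairs; finding names are this example's own labels."""
    out, conf = [], parse(text)
    for name in sorted(set(conf) - {"global"}):
        o = {**conf["global"], **conf[name]}  # service options override global defaults
        client = o.get("client", "no").lower() == "yes"
        if client and not verifies_peer(o):
            out.append((name, "server-cert-not-verified"))  # encrypted but unauthenticated
        if client and "cert" in o:
            out.append((name, "client-holds-key-file"))  # must not be the server's key+cert
        host = o.get("connect", "").rpartition(":")[0]  # empty host means localhost
        loopback = host in ("", "localhost") or host.startswith("127.")
        if not client and loopback and not verifies_peer(o):
            out.append((name, "loopback-backend-open"))  # backend ACLs see only 127.0.0.1
        if not client and ":" not in o.get("accept", ""):
            out.append((name, "listens-on-all-addresses"))
    return sorted(out)
```

Both client findings clear when the client section drops its cert line and instead sets a verification option with a CAfile that contains only the server certificate (cert.pem, without key.pem).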

Compatibility issue between NetScaler VPX and VMware ESXi Patch 201410001

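After applying the ESXi550-201410001 (Build 2143827) or ESXi510-201410001 (Build 219751) patch, the NetScaler VPX network interfaces stop working properly: performance is poor, you cannot log in to the GUI, and pings are lost.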

The current workaround is as follows:

  1. Log in to the VPX
  2. > shell
  3. root@ns# cd /flash/boot
  4. root@ns# vi loader.conf.local
    Add hw.em.txd=512
  5. root@ns# reboot

http://support.citrix.com/article/CTX200278