菜鸟追梦旅行

这个屌丝很懒，什么也没留下！

热门标签

2023云计算国赛样题梳理_2023全国技能大赛云计算应用赛项私有云容器云公有云答案

作者：菜鸟追梦旅行 | 2024-02-12 12:02:06

踩

2023全国技能大赛云计算应用赛项私有云容器云公有云答案

typora-root

模块三公有云（40）

任务1 公有云服务搭建（5分）

3.1.1 私有网络管理

在公有云中完成虚拟私有云网络的创建。

3.1.2 云实例管理

登录公有云平台，创建两台云实例虚拟机。
3.1.3 管理数据库

使用intnetX-mysql网络创建两台chinaskill-sql-1和chinaskill-sql-2云服务器，并完成MongoDB安装。


##创建云服务器与上一步一样
##node1与node2进行一样的操作
[root@node1 ~]# vi /etc/yum.repos.d/
CentOS-Base.repo       CentOS-Debuginfo.repo  CentOS-Media.repo      CentOS-Vault.repo      epel.repo.rpmnew
CentOS-CR.repo         CentOS-fasttrack.repo  CentOS-Sources.repo    epel.repo              epel-testing.repo
[root@node1 ~]# vi /etc/yum.repos.d/mongodb-org-4.0.repo
[root@node1 ~]# cat /etc/yum.repos.d/mongodb-org-4.0.repo 
[mngodb-org]
name=MongoDB Repository
baseurl=http://mirrors.aliyun.com/mongodb/yum/redhat/7Server/mongodb-org/4.0/x86_64/
gpgcheck=0
enabled=1
[root@node1 ~]# yum install mongodb-org -y 
[root@node1 ~]# systemctl start mongod
[root@node1 ~]# systemctl enable mongod
[root@node1 ~]# systemctl status mongod
● mongod.service - MongoDB Database Server
   Loaded: loaded (/usr/lib/systemd/system/mongod.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2023-04-27 10:26:16 CST; 12s ago
     Docs: https://docs.mongodb.org/manual
 Main PID: 8365 (mongod)
   CGroup: /system.slice/mongod.service
           └─8365 /usr/bin/mongod -f /etc/mongod.conf
 
Apr 27 10:26:15 node1 systemd[1]: Starting MongoDB Database Server...
Apr 27 10:26:15 node1 mongod[8362]: about to fork child process, waiting until server is ready for connections.
Apr 27 10:26:15 node1 mongod[8362]: forked process: 8365
Apr 27 10:26:16 node1 mongod[8362]: child process started successfully, parent exiting
Apr 27 10:26:16 node1 systemd[1]: Started MongoDB Database Server.

3.1.4 主从数据库

在chinaskill-sql-1和chinaskill-sql-2云服务器中配置MongoDB主从数据库。


#修改配置文件
[root@node1 ~]# vi /etc/mongod.conf 
bindIp: 0.0.0.0
replication:
  replSetName: test
#重启服务
[root@node1 ~]# systemctl restart mongod.service
#查看集群状态
[root@node1 ~]# mongo
> rs.status()
{
	"ok" : 0,
	"errmsg" : "no replset config has been received",
	"code" : 94,
	"codeName" : "NotYetInitialized"
}
> 
两个节点都和上图一样说明复制集正常启动了
#定义一个有关于主从同步的变量
> var config={_id:"test",members:
... [{_id:0,host:"172.16.2.197:27017"},
... {_id:1,host:"172.16.2.145:27017"}]}
> rs.initiate(config)
#初始化MongoDB的主从配置
> rs.initiate(config)
{ "ok" : 1 }
#查看状态
> rs.status()
{
        "set" : "test",
        "date" : ISODate("2023-04-27T02:38:55.312Z"),
        "myState" : 2,
        "term" : NumberLong(1),
        "syncingTo" : "172.16.2.197:27017",
        "syncSourceHost" : "172.16.2.197:27017",
        "syncSourceId" : 0,
        "heartbeatIntervalMillis" : NumberLong(2000),
        "optimes" : {
                "lastCommittedOpTime" : {
                        "ts" : Timestamp(1682563127, 1),
                        "t" : NumberLong(1)
                },
                "readConcernMajorityOpTime" : {
                        "ts" : Timestamp(1682563127, 1),
                        "t" : NumberLong(1)
                },
                "appliedOpTime" : {
                        "ts" : Timestamp(1682563127, 1),
                        "t" : NumberLong(1)
                },
                "durableOpTime" : {
                        "ts" : Timestamp(1682563127, 1),
                        "t" : NumberLong(1)
                }
        },
        "lastStableCheckpointTimestamp" : Timestamp(1682563087, 6),
        "electionParticipantMetrics" : {
                "votedForCandidate" : true,
                "electionTerm" : NumberLong(1),
                "lastVoteDate" : ISODate("2023-04-27T02:38:07.656Z"),
                "electionCandidateMemberId" : 0,
                "voteReason" : "",
                "lastAppliedOpTimeAtElection" : {
                        "ts" : Timestamp(1682563077, 1),
                        "t" : NumberLong(-1)
                },
                "maxAppliedOpTimeInSet" : {
                        "ts" : Timestamp(1682563077, 1),
                        "t" : NumberLong(-1)
                },
                "priorityAtElection" : 1,
                "newTermStartDate" : ISODate("2023-04-27T02:38:07.657Z"),
                "newTermAppliedDate" : ISODate("2023-04-27T02:38:08.145Z")
        },
        "members" : [
                {
                        "_id" : 0,
                        "name" : "172.16.2.197:27017",
                        "health" : 1,
                        "state" : 1,
                        "stateStr" : "PRIMARY",
                        "uptime" : 56,
                        "optime" : {
                                "ts" : Timestamp(1682563127, 1),
                                "t" : NumberLong(1)
                        },
                        "optimeDurable" : {
                                "ts" : Timestamp(1682563127, 1),
                                "t" : NumberLong(1)
                        },
                        "optimeDate" : ISODate("2023-04-27T02:38:47Z"),
                        "optimeDurableDate" : ISODate("2023-04-27T02:38:47Z"),
                        "lastHeartbeat" : ISODate("2023-04-27T02:38:54.642Z"),
                        "lastHeartbeatRecv" : ISODate("2023-04-27T02:38:53.657Z"),
                        "pingMs" : NumberLong(0),
                        "lastHeartbeatMessage" : "",
                        "syncingTo" : "",
                        "syncSourceHost" : "",
                        "syncSourceId" : -1,
                        "infoMessage" : "",
                        "electionTime" : Timestamp(1682563087, 1),
                        "electionDate" : ISODate("2023-04-27T02:38:07Z"),
                        "configVersion" : 1
                },
                {
                        "_id" : 1,
                        "name" : "172.16.2.145:27017",
                        "health" : 1,
                        "state" : 2,
                        "stateStr" : "SECONDARY",
                        "uptime" : 323,
                        "optime" : {
                                "ts" : Timestamp(1682563127, 1),
                                "t" : NumberLong(1)
                        },
                        "optimeDate" : ISODate("2023-04-27T02:38:47Z"),
                        "syncingTo" : "172.16.2.197:27017",
                        "syncSourceHost" : "172.16.2.197:27017",
                        "syncSourceId" : 0,
                        "infoMessage" : "",
                        "configVersion" : 1,
                        "self" : true,
                        "lastHeartbeatMessage" : ""
                }
        ],
        "ok" : 1,
        "operationTime" : Timestamp(1682563127, 1),
        "$clusterTime" : {
                "clusterTime" : Timestamp(1682563127, 1),
                "signature" : {
                        "hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
                        "keyId" : NumberLong(0)
                }
        }
}
test:SECONDARY> 
 
#从节点查看
[root@node2]# mongo
> rs.status()
{
	"set" : "test",
	"date" : ISODate("2022-09-25T07:55:18.477Z"),
	"myState" : 2,
	"term" : NumberLong(1),
	"syncingTo" : "192.168.200.11:27017",
	"syncSourceHost" : "192.168.200.11:27017",
	"syncSourceId" : 0,
	"heartbeatIntervalMillis" : NumberLong(2000),
	"optimes" : {
		"lastCommittedOpTime" : {
			"ts" : Timestamp(1664092517, 1),
			"t" : NumberLong(1)
		},
		"readConcernMajorityOpTime" : {
			"ts" : Timestamp(1664092517, 1),
			"t" : NumberLong(1)
		},
		"appliedOpTime" : {
			"ts" : Timestamp(1664092517, 1),
			"t" : NumberLong(1)
		},
		"durableOpTime" : {
			"ts" : Timestamp(1664092517, 1),
			"t" : NumberLong(1)
		}
	},
	"lastStableCheckpointTimestamp" : Timestamp(1664092457, 7),
	"electionParticipantMetrics" : {
		"votedForCandidate" : true,
		"electionTerm" : NumberLong(1),
		"lastVoteDate" : ISODate("2022-09-25T07:54:17.523Z"),
		"electionCandidateMemberId" : 0,
		"voteReason" : "",
		"lastAppliedOpTimeAtElection" : {
			"ts" : Timestamp(1664092447, 1),
			"t" : NumberLong(-1)
		},
		"maxAppliedOpTimeInSet" : {
			"ts" : Timestamp(1664092447, 1),
			"t" : NumberLong(-1)
		},
		"priorityAtElection" : 1,
		"newTermStartDate" : ISODate("2022-09-25T07:54:17.525Z"),
		"newTermAppliedDate" : ISODate("2022-09-25T07:54:18.396Z")
	},
	"members" : [
		{
			"_id" : 0,
			"name" : "192.168.200.11:27017",
			"health" : 1,
			"state" : 1,
			"stateStr" : "PRIMARY",
			"uptime" : 69,
			"optime" : {
				"ts" : Timestamp(1664092507, 1),
				"t" : NumberLong(1)
			},
			"optimeDurable" : {
				"ts" : Timestamp(1664092507, 1),
				"t" : NumberLong(1)
			},
			"optimeDate" : ISODate("2022-09-25T07:55:07Z"),
			"optimeDurableDate" : ISODate("2022-09-25T07:55:07Z"),
			"lastHeartbeat" : ISODate("2022-09-25T07:55:16.508Z"),
			"lastHeartbeatRecv" : ISODate("2022-09-25T07:55:17.618Z"),
			"pingMs" : NumberLong(0),
			"lastHeartbeatMessage" : "",
			"syncingTo" : "",
			"syncSourceHost" : "",
			"syncSourceId" : -1,
			"infoMessage" : "",
			"electionTime" : Timestamp(1664092457, 1),
			"electionDate" : ISODate("2022-09-25T07:54:17Z"),
			"configVersion" : 1
		},
		{
			"_id" : 1,
			"name" : "192.168.200.12:27017",
			"health" : 1,
			"state" : 2,
			"stateStr" : "SECONDARY",
			"uptime" : 669,
			"optime" : {
				"ts" : Timestamp(1664092517, 1),
				"t" : NumberLong(1)
			},
			"optimeDate" : ISODate("2022-09-25T07:55:17Z"),
			"syncingTo" : "192.168.200.11:27017",
			"syncSourceHost" : "192.168.200.11:27017",
			"syncSourceId" : 0,
			"infoMessage" : "",
			"configVersion" : 1,
			"self" : true,
			"lastHeartbeatMessage" : ""
		}
	],
	"ok" : 1,
	"operationTime" : Timestamp(1664092517, 1),
	"$clusterTime" : {
		"clusterTime" : Timestamp(1664092517, 1),
		"signature" : {
			"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
			"keyId" : NumberLong(0)
		}
	}
}
test:SECONDARY> 
#验证主从
##在主库上，我们来创建数据
test:PRIMARY> use test
switched to db test
test:PRIMARY> db.createCollection("test")
{
	"ok" : 1,
	"operationTime" : Timestamp(1664092674, 1),
	"$clusterTime" : {
		"clusterTime" : Timestamp(1664092674, 1),
		"signature" : {
			"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
			"keyId" : NumberLong(0)
		}
	}
}
test:PRIMARY> show databases
admin   0.000GB
config  0.000GB
local   0.000GB
test    0.000GB
#接下来，我们来到从库上，来查看我们在主库上创建的结果是否出现在了从库上。
test:SECONDARY> show dbs
2022-09-25T15:58:54.336+0800 E QUERY    [js] Error: listDatabases failed:{
	"operationTime" : Timestamp(1664092727, 1),
	"ok" : 0,
	"errmsg" : "not master and slaveOk=false",
	"code" : 13435,
	"codeName" : "NotMasterNoSlaveOk",
	"$clusterTime" : {
		"clusterTime" : Timestamp(1664092727, 1),
		"signature" : {
			"hash" : BinData(0,"AAAAAAAAAAAAAAAAAAAAAAAAAAA="),
			"keyId" : NumberLong(0)
		}
	}
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:151:1
shellHelper.show@src/mongo/shell/utils.js:882:13
shellHelper@src/mongo/shell/utils.js:766:15
@(shellhelp2):1:1
#从上图可以看出，我们在从库上查询的操作失败，这是因为在配置了MongoDB的主从同步后，在MongoDB的从库上，没有读和写的权限，因此我们无法查看数据。
#设置从节点可读
test:SECONDARY> db.getMongo().setSlaveOk()
#同步成功
test:SECONDARY> show dbs
admin   0.000GB
config  0.000GB
local   0.000GB
test    0.000

3.1.5 node环境管理

使用提供的压缩文件，安装Node.js环境。


[root@chinaskill-node-1-0002 ~]# wget https://nodejs.org/dist/v13.11.0/node-v13.11.0-linux-x64.tar.xz
--2023-05-04 08:41:12--  https://nodejs.org/dist/v13.11.0/node-v13.11.0-linux-x64.tar.xz
Resolving nodejs.org (nodejs.org)... 104.20.22.46, 104.20.23.46, 2606:4700:10::6814:172e, ...
Connecting to nodejs.org (nodejs.org)|104.20.22.46|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 21225324 (20M) [application/x-xz]
Saving to: ‘node-v13.11.0-linux-x64.tar.xz’
 
100%[==================================================================>] 21,225,324  1.36MB/s   in 16s    
 
2023-05-04 08:41:29 (1.30 MB/s) - ‘node-v13.11.0-linux-x64.tar.xz’ saved [21225324/21225324]
 
[root@chinaskill-node-1-0002 ~]# ll
total 20728
-rw-r--r-- 1 root root 21225324 Mar 12  2020 node-v13.11.0-linux-x64.tar.xz
[root@chinaskill-node-1-0002 ~]# tar -xvf node-v13.11.0-linux-x64.tar.xz 
[root@chinaskill-node-1-0002 ~]# ll
total 20732
drwxr-xr-x 6 1001 1001     4096 Mar 12  2020 node-v13.11.0-linux-x64
-rw-r--r-- 1 root root 21225324 Mar 12  2020 node-v13.11.0-linux-x64.tar.xz
[root@chinaskill-node-1-0002 ~]# cd node-v13.11.0-linux-x64
[root@chinaskill-node-1-0002 node-v13.11.0-linux-x64]# ll
total 176
drwxr-xr-x 2 1001 1001  4096 Mar 12  2020 bin
-rw-r--r-- 1 1001 1001 54110 Mar 12  2020 CHANGELOG.md
drwxr-xr-x 3 1001 1001  4096 Mar 12  2020 include
drwxr-xr-x 3 1001 1001  4096 Mar 12  2020 lib
-rw-r--r-- 1 1001 1001 77130 Mar 12  2020 LICENSE
-rw-r--r-- 1 1001 1001 26524 Mar 12  2020 README.md
drwxr-xr-x 5 1001 1001  4096 Mar 12  2020 share
[root@chinaskill-node-1-0002 node-v13.11.0-linux-x64]# cd bin/
[root@chinaskill-node-1-0002 bin]#  ./node -v
v13.11.0
[root@chinaskill-node-1-0002 ~]#  ln -s /root/node-v13.11.0-linux-x64/bin/node /usr/local/bin/node
[root@chinaskill-node-1-0002 ~]#  ln -s /root/node-v13.11.0-linux-x64/bin/npm /usr/local/bin/npm
[root@chinaskill-node-1-0002 ~]# node -v
v13.11.0

3.1.6 安全组管理

3.1.7 RocketChat上云

使用http服务器提供文件，将Rocket.Chat应用部署上云。


##上传rocketchat-cloud.tar.gz，进行解压
[root@chinaskill-node-1-0002 ~]# tar -xvf rocketchat-cloud.tar.gz
[root@chinaskill-node-1-0002 ~]# cd rocketchat
[root@chinaskill-node-1-0002 rocketchat]# ll
total 304780
drwxr-xr-x 2 root root      4096 Sep 28  2022 mongodb
drwxr-xr-x 2 root root      4096 Sep 28  2022 node
-rw-r--r-- 1 root root 167869971 Sep 28  2022 rocket.chat.tgz
-rw-r--r-- 1 root root 144210495 Sep 28  2022 yum.tar.gz
[root@chinaskill-node-1-0002 rocketchat]# cd node/
[root@chinaskill-node-1-0002 node]# ll
total 22592
-rw-r--r-- 1 root root 23131523 Apr  5  2022 node-v12.22.12-linux-x64.tar.gz
[root@chinaskill-node-1-0002 node]# 
[root@chinaskill-node-1-0002 node]# tar -zxvf node-v12.22.12-linux-x64.tar.gz -C /root/node
##修改环境变量S
[root@chinaskill-node-1-0002 node]# tail -1 /etc/profile
export PATH=/root/node/node-v12.22.12-linux-x64/bin:$PATH
[root@chinaskill-node-1-0002 node]# node -v
v12.22.12
[root@chinaskill-node-1-0002 node]# 
#安装依赖
[root@chinaskill-node-1-0002 ~]# yum install -y gcc-c++ make
[root@chinaskill-node-1-0002 ~]# yum install -y epel-release  GraphicsMagick
##解压rocket.chat.tgz软件包
[root@chinaskill-node-1-0002 rocketchat]# npm config set registry https://registry.npmmirror.com/
[root@chinaskill-node-1-0002 rocketchat]# npm config set ELECTRON_MIRROR https://cdn.npmmirror.com/dist/electron/
#打包
cd /tmp/bundle/programs/server/
npm install
#移到/opt并命名Rocket.Chat
mv /tmp/bundle /opt/Rocket.Chat
#添加用户
useradd -M rocketchat && usermod -L rocketchat
#赋予权限
chown -R rocketchat:rocketchat /opt/Rocket.Chat
#
[root@rocket Rocket.Chat]# vi /lib/systemd/system/rocketchat.service
 
[Unit]
Description=The Rocket.Chat server
After=network.target remote-fs.target nss-lookup.target nginx.service mongod.service
[Service]
ExecStart=/usr/local/node/bin/node  /opt/Rocket.Chat/main.js
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=rocketchat
User=rocketchat
Environment=MONGO_URL=mongodb://192.168.1.182:27017/rocketchat?replicaSet=rs01 MONGO_OPLOG_URL=mongodb://192.168.1.182:27017/local?replicaSet=rs01 ROOT_URL=http://localhost:3000/ PORT=3000
[Install]
WantedBy=multi-user.target
#启动
[root@rocket Rocket.Chat]# systemctl start rocketchat
[root@rocket Rocket.Chat]# systemctl status rocketchat
● rocketchat.service - The Rocket.Chat server
   Loaded: loaded (/usr/lib/systemd/system/rocketchat.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2022-10-03 14:43:40 CST; 1min 54s ago
 Main PID: 8973 (node)
   CGroup: /system.slice/rocketchat.service
           └─8973 /usr/local/node/bin/node /opt/Rocket.Chat/main.js
 
Oct 03 14:44:00 rocket rocketchat[8973]: |       MongoDB Engine: wiredTiger              |
Oct 03 14:44:00 rocket rocketchat[8973]: |             Platform: linux                   |
Oct 03 14:44:00 rocket rocketchat[8973]: |         Process Port: 3000                    |
Oct 03 14:44:00 rocket rocketchat[8973]: |             Site URL: http://localhost:3000/  |
Oct 03 14:44:00 rocket rocketchat[8973]: |     ReplicaSet OpLog: Enabled                 |
Oct 03 14:44:00 rocket rocketchat[8973]: |          Commit Hash: 9b685693fb              |
Oct 03 14:44:00 rocket rocketchat[8973]: |        Commit Branch: HEAD                    |
Oct 03 14:44:00 rocket rocketchat[8973]: |                                               |
Oct 03 14:44:00 rocket rocketchat[8973]: +-----------------------------------------------+
Oct 03 14:44:26 rocket rocketchat[8973]: (node:8973) [DEP0005] DeprecationWarning: Buffer() is deprecated due to sec...stead.
Hint: Some lines were ellipsized, use -l to show in full.

3.1.8 NAT网关

根据要求创建一个公网NAT网关。

3.1.9云服务器备份

创建一个云服务器备份存储库名为server_backup，容量为100G。将ChinaSkill-node-1云服务器制作镜像文件chinaskill-image。

3.1.10 负载均衡器

根据要求创建一个负载均衡器chinaskill-elb。

3.1.11 弹性伸缩管理

根据要求新建一个弹性伸缩启动配置。

任务2 公有云服务运维（10分）

3.2.1 云容器引擎

在公有云上，按照要求创建一个x86架构的容器云集群。

3.2.2 云容器管理

使用插件管理在kcloud容器集群中安装Dashboard可视化监控界面。

3.2.3 使用kubectl操作集群

在kcloud集群中安装kubectl命令，使用kubectl命令管理kcloud集群。


#1 安装kubectl
其实node上是已经安装了kubectl的，但是会报这个错：
[root@kcloud-server ~]# kubectl get node
The connection to the server localhost:8080 was refused - did you specify the right host or port?
#这个其实是因为没有配置文件和环境变量的原因，为了记录整个过程，我把node节点上原有的kubectl卸载了。
然后重新安装：
 
先配置yum源（建议使用阿里的源，华为的不好用，期待完善）
 
cat <<EOF > /etc/yum.repos.d/kubernetes.repo
 
[kubernetes]
 
name=Kubernetes
 
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
 
enabled=1
 
gpgcheck=1
 
repo_gpgcheck=1
 
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg
 
EOF
 
然后开始安装，注意，版本一定要和集群的版本对应
[root@kcloud-server ~]# yum install -y kubectl-1.25.1
2 下载配置文件
 
这个在官网的页面按照操作进行就行（链接：https://console.huaweicloud.com/cce2.0/?agencyId=07fb10cb020026b81f90c00e0ba587f6&region=cn-east-3&locale=zh-cn#/app/resource/cluster/detail/accessAPI?clusterName=test&clusterId=7631fcee-894f-11ec-b434-0255ac1002c7&type=api）
 
点这里：
3 安装和配置kubectl
 
mkdir -p $HOME/.kube
mv -f kubeconfig.json $HOME/.kube/config
 
4 切换kubectl的访问模式
[root@kcloud-server home]# kubectl get node
NAME          STATUS   ROLES    AGE   VERSION
172.16.1.25   Ready    <none>   14m   v1.25.3-r0-25.1.23
[root@kcloud-server home]#

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-E0IY6a7l-1686127383485)(/k8s1.png)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-ZJQFQg5W-1686127383486)(/k8s2.png)]

3.2.4 安装Helm

使用提供的Helm软件包，在kcloud集群中安装Helm服务。


[root@kcloud-21836 ~]# tar -zxvf helm-v3.10.1-linux-amd64.tar.gz 
linux-amd64/
linux-amd64/helm
linux-amd64/LICENSE
linux-amd64/README.md     
[root@kcloud-21836 ~]# helm version
version.BuildInfo{Version:"v3.10.1", GitCommit:"9f88ccb6aee40b9a0535fcc7efea6055e1ef72c9", GitTreeState:"clean", GoVersion:"go1.18.7"}

3.2.5 根据提供的chart包mariadb-7.3.14.tgz部署mariadb服务，修改mariadb使用NodePort模式对其进行访问。


[root@kcloud-21836 ~]# helm install mariadb mariadb/
NAME: mariadb
LAST DEPLOYED: Wed May 31 14:53:45 2023
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
[root@kcloud-21836 ~]# kubectl get pods
NAME                         READY   STATUS    RESTARTS   AGE
mariadb-848b94c775-d8np4     1/1     Running   0          29s
mysql-5c6c7986f5-4kr5b       1/1     Running   0          16m
nginx-d5f959df4-4lm2s        1/1     Running   0          6m26s
wordpress-7f9587fb4f-rrncz   1/1     Running   0          16m
[root@kcloud-21836 ~]# kubectl get svc |grep mariadb
mariadb      NodePort    10.247.206.107   <none>        3306:32334/TCP   11m

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-EXoqGGhZ-1686127383486)(/mariadb1.png)]

3.2.6 在k8s集群中创建mariadb命名空间，根据提供的chart包mariadb-7.3.14.tgz修改其配置，使用NodePort模式对其进行访问。


[root@kcloud-21836 ~]# cat mariadbnamespace.yaml 
apiVersion: v1
kind: Namespace
metadata:
  name: mariadb
[root@kcloud-21836 ~]# kubectl create -f mariadbnamespace.yaml 
namespace/mariadb created
[root@kcloud-21836 ~]# helm install mariadb mariadb/ -n mariadb
NAME: mariadb
LAST DEPLOYED: Wed May 31 15:09:27 2023
NAMESPACE: mariadb
STATUS: deployed
REVISION: 1
TEST SUITE: None
[root@kcloud-21836 ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
kubernetes   ClusterIP   10.247.0.1       <none>        443/TCP          46m
mariadb      NodePort    10.247.206.107   <none>        3306:32334/TCP   15m
mysql        ClusterIP   10.247.202.181   <none>        3306/TCP         31m
nginx        NodePort    10.247.77.152    <none>        80:30880/TCP     21m
wordpress    NodePort    10.247.202.57    <none>        80:30417/TCP     31m
[root@kcloud-21836 ~]# kubectl get namespace
NAME              STATUS   AGE
default           Active   46m
kube-node-lease   Active   46m
kube-public       Active   46m
kube-system       Active   46m
mariadb           Active   6m4s
[root@kcloud-21836 ~]# kubectl get svc -n mariadb
NAME      TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)          AGE
mariadb   NodePort   10.247.14.17   <none>        3306:32304/TCP   37s

3.2.7 云硬盘存储卷

按照要求购买云硬盘存储卷。

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-IYSsUO5j-1686127383487)(/云硬盘1.png)]

[外链图片转存失败,源站可能有防盗链机制,建议将图片保存下来直接上传(img-qknboSop-1686127383487)(/云硬盘2.png)]

3.2.8 多容器Pod管理

在kcloud集群节点/root目录下编写YAML文件mu-pod.yaml，要求一个pod中包含两个容器。


[root@kcloud-server ~]# vi mu-pod.yaml 
 
apiVersion: v1
kind: Pod
metadata:
  name: mu-pod
  namespace: default
spec:
  containers:
    - name: containers01
      image: nginx
      ports:
        - name: http
          containerPort: 80
    - name: containers02
      image: tomcat
      ports:
        - name: tomcat
          containerPort: 80

3.2.9 Namespace管理

在kcloud集群节点/root目录下编写YAML文件my-namespace.yaml并创建namespace。


[root@kcloud-server ~]# vi  my-namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
  name: test

3.2.10 Secrets管理–Opaque

在master节点/root目录下编写YAML文件secret.yaml，要求执行文件创建密钥。


[root@kcloud-server ~]# vi secret.yaml
 
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
  namespace: default
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
type: Opaque

3.2.11 私有仓库管理

在master节点添加搭建的本地私有chart仓库源，并上传wordpress-13.0.23.tgz包至chartmuseum私有仓库中。可以使用本地仓库chart源部署应用。


#为/data/charts授予777权限
chmod 777 /data/charts/
#查看svc
[root@kcloud-server ~]# kubectl get svc -n chartmuseum
NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
chartmuseum   ClusterIP   10.247.199.133   <none>        8080/TCP   24m
 
#添加本地仓库源，name 为 chartmuseum
[root@kcloud-server ~]# helm repo add chartmuseum http://10.247.199.133:8080
"chartmuseum" has been added to your repositories
[root@kcloud-server ~]# helm repo list
NAME       	URL                       
chartmuseum	http://10.247.199.133:8080
#上传wordpress-13.0.23.tgz 包至 chartmuseum 私有仓库中
[root@kcloud-server ~]# curl --data-binary "@wordpress-13.0.23.tgz" http://10.247.199.133:8080/api/charts
{"saved":true}[root@kcloud-server ~]# 
#更新仓库
[root@kcloud-server ~]# helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "chartmuseum" chart repository
Update Complete. ⎈ Happy Helming!⎈ 
#列出
[root@kcloud-server ~]# helm search repo wordpress
NAME                 	CHART VERSION	APP VERSION	DESCRIPTION                                       
chartmuseum/wordpress	13.0.23      	5.9.2      	WordPress is the world's most popular blogging ...
 
#/data/charts/目录查看
[root@kcloud-server charts]# ls
index-cache.yaml  wordpress-13.0.23.tgz

3.2.12 公有云安全：入侵检测系统

使用提供的makechk.tar.gz包安装chkrootkit入侵检测工具，安装完毕后使用chkrootkit工具扫描系。


#购买centos7.9云主机
#上传makechk.tar.gz，chkrootkit.tar.gz软件包
#解压makechk.tar.gz软件
#配置yum源
[root@ecs-cecc ~]# cat /etc/yum.repos.d/local.repo 
[local]
name=local
baseurl=file:///root/makechk
gpgcheck=0
enabled=1
[root@ecs-cecc ~]# yum makecache
#安装编译安装依赖包
[root@ecs-cecc packages]# cd /root/ && yum install -y gcc gcc-c++ make glibc*
#解压chkrootkit.tar.gz
#查看目录文件
[root@ecs-cecc ~]# cd chkrootkit-0.55/
[root@ecs-cecc chkrootkit-0.55]# ls
ACKNOWLEDGMENTS  chkdirs.c     chkproc.c   chkrootkit.lsm  chkwtmp.c  ifpromisc.c  patch   README.chklastlog  strings.c
check_wtmpx.c    chklastlog.c  chkrootkit  chkutmp.c       COPYRIGHT  Makefile     README  README.chkwtmp
#编译安装
[root@ecs-cecc chkrootkit-0.55]# make sense
cc -DHAVE_LASTLOG_H -o chklastlog chklastlog.c
cc -DHAVE_LASTLOG_H -o chkwtmp chkwtmp.c
cc -DHAVE_LASTLOG_H   -D_FILE_OFFSET_BITS=64 -o ifpromisc ifpromisc.c
cc  -o chkproc chkproc.c
cc  -o chkdirs chkdirs.c
cc  -o check_wtmpx check_wtmpx.c
cc -static  -o strings-static strings.c
cc  -o chkutmp chkutmp.c
#添加环境变量
[root@ecs-cecc ~]# cp -r chkrootkit-0.55/ /usr/local/chkrootkit
[root@ecs-cecc ~]# cd /usr/local/chkrootkit/
[root@ecs-cecc chkrootkit]# ls
ACKNOWLEDGMENTS  chkdirs     chklastlog.c  chkrootkit      chkutmp.c  COPYRIGHT    Makefile  README.chklastlog  strings-static
check_wtmpx      chkdirs.c   chkproc       chkrootkit.lsm  chkwtmp    ifpromisc    patch     README.chkwtmp
check_wtmpx.c    chklastlog  chkproc.c     chkutmp         chkwtmp.c  ifpromisc.c  README    strings.c
[root@ecs-cecc chkrootkit]# cp chkrootkit /usr/bin/
#查看版本
[root@ecs-cecc chkrootkit]# chkrootkit -V
chkrootkit version 0.55
#创建/var/log/chkrootkit/chkrootkit.log文件
[root@ecs-cecc ~]# mkdir /var/log/chkrootkit/
[root@ecs-cecc ~]# touch /var/log/chkrootkit/chkrootkit.log
#扫描系统保存至/var/log/chkrootkit/chkrootkit.log
[root@ecs-cecc ~]# chkrootkit > /var/log/chkrootkit/chkrootkit.log
#查看扫描结果
[root@ecs-cecc ~]# cat  /var/log/chkrootkit/chkrootkit.log
ROOTDIR is `/'
Checking `amd'... not found
Checking `basename'... not infected
Checking `biff'... not found
Checking `chfn'... not infected
Checking `chsh'... not infected
Checking `cron'... not infected
Checking `crontab'... not infected
Checking `date'... not infected
Checking `du'... not infected
Checking `dirname'... not infected
Checking `echo'... not infected
Checking `egrep'... not infected
Checking `env'... not infected
Checking `find'... not infected
Checking `fingerd'... not found
Checking `gpm'... not found
Checking `grep'... not infected
Checking `hdparm'... not found
Checking `su'... not infected
Checking `ifconfig'... not infected
Checking `inetd'... not tested
Checking `inetdconf'... not found
Checking `identd'... not found
Checking `init'... not infected
Checking `killall'... not infected
Checking `ldsopreload'... can't exec ./strings-static, not tested
Checking `login'... not infected
Checking `ls'... not infected
Checking `lsof'... not infected
Checking `mail'... not infected
Checking `mingetty'... not found
Checking `netstat'... not infected
Checking `named'... not found
Checking `passwd'... not infected
Checking `pidof'... not infected
Checking `pop2'... not found
Checking `pop3'... not found
Checking `ps'... not infected
Checking `pstree'... not infected
Checking `rpcinfo'... not found
Checking `rlogind'... not found
Checking `rshd'... not found
Checking `slogin'... not infected
Checking `sendmail'... not infected
Checking `sshd'... not found
Checking `syslogd'... not tested
Checking `tar'... not infected
Checking `tcpd'... not found
Checking `tcpdump'... not infected
Checking `top'... not infected
Checking `telnetd'... not found
Checking `timed'... not found
Checking `traceroute'... not found
Checking `vdir'... not infected
Checking `w'... not infected
Checking `write'... not infected
Checking `aliens'... no suspect files
Searching for sniffer's logs, it may take a while... nothing found
Searching for HiDrootkit's default dir... nothing found
Searching for t0rn's default files and dirs... nothing found
Searching for t0rn's v8 defaults... nothing found
Searching for Lion Worm default files and dirs... nothing found
Searching for RSHA's default files and dir... nothing found
Searching for RH-Sharpe's default files... nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... 
/usr/lib/debug/usr/.dwz
 
Searching for LPD Worm files and dirs... nothing found
Searching for Ramen Worm files and dirs... nothing found
Searching for Maniac files and dirs... nothing found
Searching for RK17 files and dirs... nothing found
Searching for Ducoci rootkit... nothing found
Searching for Adore Worm... nothing found
Searching for ShitC Worm... nothing found
Searching for Omega Worm... nothing found
Searching for Sadmind/IIS Worm... nothing found
Searching for MonKit... nothing found
Searching for Showtee... nothing found
Searching for OpticKit... nothing found
Searching for T.R.K... nothing found
Searching for Mithra... nothing found
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for HKRK rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
Searching for common ssh-scanners default files... nothing found
Searching for Linux/Ebury - Operation Windigo ssh... not tested
Searching for 64-bit Linux Rootkit ... nothing found
Searching for 64-bit Linux Rootkit modules... nothing found
Searching for Mumblehard Linux ... nothing found
Searching for Backdoor.Linux.Mokes.a ... nothing found
Searching for Malicious TinyDNS ... nothing found
Searching for Linux.Xor.DDoS ... nothing found
Searching for Linux.Proxy.1.0 ... nothing found
Searching for CrossRAT ... nothing found
Searching for Hidden Cobra ... nothing found
Searching for Rocke Miner ... nothing found
Searching for PWNLNX4 lkm... nothing found
Searching for PWNLNX6 lkm... nothing found
Searching for Umbreon lrk... nothing found
Searching for Kinsing.a backdoor... nothing found
Searching for RotaJakiro backdoor... nothing found
Searching for suspect PHP files... nothing found
Searching for anomalies in shell history files... Warning: `//root/.bash_history
//root/.history' file size is zero
Checking `asp'... not infected
Checking `bindshell'... not infected
Checking `lkm'... not tested: can't exec 
Checking `rexedcs'... not found
Checking `sniffer'... not tested: can't exec ./ifpromisc
Checking `w55808'... not infected
Checking `wted'... not tested: can't exec ./chkwtmp
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking `z2'... not tested: can't exec ./chklastlog
Checking `chkutmp'... not tested: can't exec ./chkutmp
Checking `OSX_RSPLUG'... not tested

3.2.13 公有云安全：日志分析服务

然后使用提供的sepb_elk_latest.tar镜像安装ELK服务。


#上传docker-repo.tar.gz，sepb_elk_latest.tar
#解压docker-repo.tar.gz
#配置yum源安装docker
[root@ecs-cecc ~]# cat /etc/yum.repos.d/local.repo 
[local]
name=local
baseurl=file:///opt/docker-repo
gpgcheck=0
enabled=1
[root@ecs-cecc ~]# yum clean all
[root@ecs-cecc ~]# yum makecache
#安装docker
[root@ecs-cecc ~]# yum install -y docker-ce
#启动docker，设置为开机自启
[root@ecs-cecc ~]# systemctl start docker && systemctl enable docker
Created symlink from /etc/systemd/system/multi-user.target.wants/docker.service to /usr/lib/systemd/system/docker.service.
#查看状态
[root@ecs-cecc ~]# systemctl status docker
#导入镜像
[root@ecs-cecc ~]# docker load -i sepb_elk_latest.tar 
#启动elk容器（由于Elasticsearch启动需要最大虚拟内存区域数量，修改sysctl.conf文件追加vm.max_map_count=262144）
[root@ecs-cecc ~]# docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -e ES_MIN_MEM=128m -e ES_MAX_MEM=1024m -it --name elk sebp/elk:latest
[root@ecs-cecc ~]# docker ps
CONTAINER ID        IMAGE               COMMAND                  CREATED              STATUS              PORTS                                                                                        NAMES
1bf5111a8a0c        sebp/elk:latest     "/usr/local/bin/star…"   About a minute ago   Up About a minute   0.0.0.0:5044->5044/tcp, 0.0.0.0:5601->5601/tcp, 9300/tcp, 0.0.0.0:9200->9200/tcp, 9600/tcp   elk
[root@ecs-cecc ~]#


#上传filebeat-7.13.2-x86_64.rpm 
#安装filebeat
[root@ecs-cecc ~]# yum install -y filebeat-7.13.2-x86_64.rpm 
#启动
[root@ecs-cecc ~]# systemctl start filebeat
#查看状态
[root@ecs-cecc ~]# systemctl status filebeat
 
#应用filebeat
方式一：（收集yum数据到本地文件）
[root@ecs-cecc ~]# vi /etc/filebeat/filebeat.yml 
filebeat.inputs:
- type: log
  enabled: True
  paths:
      - /var/log/yum.log
output.file:
  path: "/tmp"
  filename: "filebeat-test.txt"
 #重启filebeat服务
 [root@ecs-cecc ~]# systemctl restart filebeat
 #安装httpd服务
 [root@ecs-cecc ~]# yum install -y  httpd
 #验证
 [root@ecs-cecc tmp]# cat /tmp/filebeat-test.txt
{"@timestamp":"2022-10-16T09:20:03.410Z","@metadata":{"beat":"filebeat","type":"_doc","version":"7.13.2"},"log":{"offset":2213,"file":{"path":"/var/log/yum.log"}},"message":"Oct 16 17:20:02 Installed: httpd-2.4.6-97.el7.centos.5.x86_64","input":{"type":"log"},"host":{"hostname":"ecs-cecc","architecture":"x86_64","name":"ecs-cecc","os":{"family":"redhat","name":"CentOS Linux","kernel":"3.10.0-1160.53.1.el7.x86_64","codename":"Core","type":"linux","platform":"centos","version":"7 (Core)"},"id":"acca19161ce94d449c58923b12797030","containerized":false,"ip":["192.168.1.151","fe80::f816:3eff:fe79:d168","172.17.0.1","fe80::42:40ff:fef4:5e7","fe80::14fb:49ff:feec:ffad"],"mac":["fa:16:3e:79:d1:68","02:42:40:f4:05:e7","16:fb:49:ec:ff:ad"]},"agent":{"version":"7.13.2","hostname":"ecs-cecc","ephemeral_id":"a522699e-3e6b-44a7-b833-d14b43d2edba","id":"67d653cb-908e-418f-9356-5b7f2461dbe8","name":"ecs-cecc","type":"filebeat"},"ecs":{"version":"1.8.0"},"cloud":{"machine":{"type":"c6s.xlarge.2"},"service":{"name":"Nova"},"provider":"openstack","instance":{"name":"ecs-cecc.novalocal","id":"i-0129dc00"},"availability_zone":"cn-east-2c"}}
方式二：（收集yum数据到Elasticsearch中）
#修改配置文件
[root@ecs-cecc ~]# cat /etc/filebeat/filebeat.yml 
filebeat.inputs:
- type: log
  enabled: True
  paths:
      - /var/log/yum.log
output.elasticsearch:
  hosts: ["localhost:9200"]
#重启
[root@ecs-cecc ~]# systemctl restart filebeat

3.2.14 WordPress应用部署

根据提供的chart包wordpress-13.0.23.tgz部署WordPress服务。


[root@kcloud-21836 ~]# ll
total 17768
-rw-r----- 1 root root     1532 May 31 14:25 check_env.sh
-rw-r----- 1 root root     1935 May 31 14:25 disk_filter.sh
-rw------- 1 root root 14565908 May 31 14:30 helm-v3.10.1-linux-amd64.tar.gz
drwxr-xr-x 2 3434 3434     4096 May 31 14:33 linux-amd64
drwx------ 4 root root     4096 May 31 14:36 mariadb
drwx------ 4 root root     4096 May 31 14:34 nginx
-rw-r----- 1 root root      722 May 31 14:25 print_log.sh
-rw-r----- 1 root root  3595678 Nov 29  2022 socat.tgz
drwx------ 4 root root     4096 May 31 14:34 wordpress   
[root@kcloud-21836 ~]# helm install wordpress wordpress/ 
NAME: wordpress
LAST DEPLOYED: Wed May 31 14:37:44 2023
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
[root@kcloud-21836 ~]# kubectl get pod
NAME                         READY   STATUS    RESTARTS   AGE
mysql-5c6c7986f5-4kr5b       1/1     Running   0          84s
wordpress-7f9587fb4f-rrncz   1/1     Running   0          84s
[root@kcloud-21836 ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
kubernetes   ClusterIP   10.247.0.1       <none>        443/TCP          46m
mariadb      NodePort    10.247.206.107   <none>        3306:32334/TCP   15m
mysql        ClusterIP   10.247.202.181   <none>        3306/TCP         31m
nginx        NodePort    10.247.77.152    <none>        80:30880/TCP     21m
wordpress    NodePort    10.247.202.57    <none>        80:30417/TCP     31m

3.2.15 ChartMuseum仓库部署

在k8s集群中创建chartmuseum命名空间，编写yaml文件在chartmuseum命名空间中使用chartmuseum:latest镜像创建本地私有chart仓库。


apiVersion: v1
kind: Namespace
metadata:
  name: chartmuseum
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: chartmuseum
  name: chartmuseum
  namespace: chartmuseum
spec:
  replicas: 1
  selector:
    matchLabels:
      app: chartmuseum
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: chartmuseum
    spec:
      containers:
      - image: chartmuseum/chartmuseum:latest
        imagePullPolicy: IfNotPresent
        name: chartmuseum
        ports:
        - containerPort: 8080
          protocol: TCP
        env:
        - name: DEBUG
          value: "1"
        - name: STORAGE
          value: local
        - name: STORAGE_LOCAL_ROOTDIR
          value: /charts
        resources:
          limits:
            cpu: 500m
            memory: 256Mi
          requests:
            cpu: 100m
            memory: 64Mi
        volumeMounts:
        - mountPath: /charts
          name: charts-volume
      volumes:
      - name: charts-volume
        nfs:
          path: /data/charts
          server: 192.168.200.10
      restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
  name: chartmuseum
  namespace: chartmuseum
spec:
  ports:
    - port: 8080
      protocol: TCP
      targetPort: 8080
  selector:
    app: chartmuseum

3.2.16 生命周期管理-配置Pod生命周期

登录kcloud集群节点，在default命名空间下创建一个名Pod，并进行Pod生命周期管理。


##nginx为例
apiVersion: v1
kind: Pod
metadata: 
  name: pod-hook-exec
  namespace: dev
spec:
  containers:
  - name: main-container
    image: nginx:1.17.1
    ports: 
    - name: nginx-port
      containerPort: 80
    lifecycle:
      postStart:
        exec: #在容器启动的时候执行一个命令，修改掉nginx的默认首页内容
          command: ["/bin/sh","-c","echo postStart... > /usr/share/nginx/html/index.html"]
      preStop: #在容器停止之前停止nginx服务
        exec:
          command: ["/usr/sbin/nginx","-s","quit"]

3.2.17 定时任务管理—创建定时任务

在kcloud集群节点/root目录下编写yaml文件date.yaml完成定时管理任务。


apiversion: batch/vl beta 
kind: CronJob
metadata:
	name: hello
spec:
	schedule: "*/1 * * * *"
	jobTemplate:
		spec:
			template:
				spec:
					containers:
					- name:hello
					  image:busybox
					  args:
					  - /bin/sh
					  - -C
					  - date;echo Hello from the Kubernetes cluster restartPolicy:OnFailure

3.2.18 HPA管理—创建HPA规则

在kcloud集群节点/root目录下编写YAML文件hpa.yaml，完成HPA管理。


[root@k8s-master-node1 ~]# cat web.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: default
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
[root@k8s-master-node1 ~]# cat deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        imagePullPolicy: IfNotPresent
        resources:
          requests:
            cpu: 500m  # 指定所需的 CPU 资源 request
[root@k8s-master-node1 ~]# cat hpa.yaml
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
  name: web
  namespace: default
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web
  minReplicas: 1
  maxReplicas: 1000  #指定伸缩范围为 1–1000
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 80
  behavior:
    scaleUp:
      stabilizationWindowSeconds: 5
      policies:
      - type: Pods
        value: 9    #9倍数量的副本数
        periodSeconds: 1
    scaleDown:
      stabilizationWindowSeconds: 5  #时间窗口为 5s
      policies:
      - type: Pods
        value: 1
        periodSeconds: 1
[root@k8s-master-node1 ~]# kubectl apply -f web.yaml
[root@k8s-master-node1 ~]# kubectl apply -f deployment.yaml
[root@k8s-master-node1 ~]# kubectl apply -f hpa.yaml

3.2.19 使用Helm模板

使用赛项提供的mychart-0.1.0.tgz模板包，在kcloud集群中安装名为nginx的模板实例。


[root@kcloud-21836 ~]# helm install nginx nginx/ 
NAME: nginx
LAST DEPLOYED: Wed May 31 14:47:47 2023
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None
[root@kcloud-21836 ~]# kubectl get pod
NAME                         READY   STATUS    RESTARTS   AGE
mysql-5c6c7986f5-4kr5b       1/1     Running   0          10m
nginx-d5f959df4-4lm2s        1/1     Running   0          9s
wordpress-7f9587fb4f-rrncz   1/1     Running   0          10m
[root@kcloud-21836 ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
kubernetes   ClusterIP   10.247.0.1       <none>        443/TCP          46m
mariadb      NodePort    10.247.206.107   <none>        3306:32334/TCP   15m
mysql        ClusterIP   10.247.202.181   <none>        3306/TCP         31m
nginx        NodePort    10.247.77.152    <none>        80:30880/TCP     21m
wordpress    NodePort    10.247.202.57    <none>        80:30417/TCP     31m

声明：本文内容由网友自发贡献，不代表【wpsshop博客】立场，版权归原作者所有，本站不承担相应法律责任。如您发现有侵权的内容，请联系我们。转载请注明出处：https://www.wpsshop.cn/w/菜鸟追梦旅行/article/detail/77668

2023云计算国赛样题梳理_2023全国技能大赛云计算应用赛项 私有云 容器云 公有云 答案

模块三 公有云（40）

任务1 公有云服务搭建（5分）

任务2 公有云服务运维（10分）

2023云计算国赛样题梳理_2023全国技能大赛云计算应用赛项私有云容器云公有云答案

模块三公有云（40）