kubectl exec -it cassandra-0 bash -n noah TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token) curl https://kubernetes.default.svc.cluster.local/api/v1/namespaces/noah/endpoints/cassandra --header "Authorization: Bearer $TOKEN" --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
Blog
-
k8s 容器内访问 apiserver
-
istio 运维笔记
docker desktop
查看 istio 版本
istioctl version --remote client version: 1.5.1 control plane version: 1.4.0 data plane version: 1.4.0 (114 proxies)
bin/istioctl manifest versions Operator version is 1.4.5. The following installation package versions are recommended for use with this version of the operator: 1.4.3 The following installation package versions are supported for upgrade by this version of the operator: >=1.3.3 <1.6
proxy 状态
istioctl proxy-status
查看 istio-proxy 的配置
kubectl -n istio-system exec istio-ingressgateway-7f648d44cf-dkdkp -c istio-proxy -- curl -s 127.0.0.1:15000/help admin commands are: /: Admin home page /certs: print certs on machine /clusters: upstream cluster status /config_dump: dump current Envoy configs (experimental) /contention: dump current Envoy mutex contention stats (if enabled) /cpuprofiler: enable/disable the CPU profiler /drain_listeners: drain listeners /healthcheck/fail: cause the server to fail health checks /healthcheck/ok: cause the server to pass health checks /heapprofiler: enable/disable the heap profiler /help: print out list of admin commands /hot_restart_version: print the hot restart compatibility version /listeners: print listener info /logging: query/change logging levels /memory: print current allocation/heap usage /quitquitquit: exit the server /ready: print server state, return 200 if LIVE, otherwise return 503 /reset_counters: reset all counters to zero /runtime: print runtime values /runtime_modify: modify runtime values /server_info: print server version/status information /stats: print server stats /stats/prometheus: print server stats in prometheus format /stats/recentlookups: Show recent stat-name lookups /stats/recentlookups/clear: clear list of stat-name lookups and counter /stats/recentlookups/disable: disable recording of reset stat-name lookup names /stats/recentlookups/enable: enable recording of reset stat-name lookup names
查看 dashboard
istioctl dashboard --help Access to Istio web UIs Usage: istioctl dashboard [flags] istioctl dashboard [command] Aliases: dashboard, dash, d Available Commands: controlz Open ControlZ web UI envoy Open Envoy admin web UI grafana Open Grafana web UI jaeger Open Jaeger web UI kiali Open Kiali web UI prometheus Open Prometheus web UI zipkin Open Zipkin web UI Flags: -h, --help help for dashboard Global Flags: --context string The name of the kubeconfig context to use -i, --istioNamespace string Istio system namespace (default "istio-system") -c, --kubeconfig string Kubernetes configuration file --log_output_level string Comma-separated minimum per-scope logging level of messages to output, in the form of: , : ,... where scope can be one of [ads, all, analysis, attributes, authn, cache, citadelclient, configmapcontroller, default, googleca, grpcAdapter, installer, mcp, model, patch, processing, rbac, resource, sds, secretfetcher, source, stsclient, tpath, translator, util, validation, vault] and level can be one of [debug, info, warn, error, fatal, none] (default "default:info,validation:error,processing:error,source:error,analysis:warn,installer:warn,translator:warn") -n, --namespace string Config namespace Use "istioctl dashboard [command] --help" for more information about a command. 查看 proxy config, 缩写 pc, 查看指定 pod 的istio-proxy的保存的某服务的endpoint
istioctl proxy-config endpoint servicefoo.app | grep servicebar
查看 authn
istioctl authn tls-check istio-ingressgateway-7f837d44cf-f6vdm.istio-system
更改日志级别为 debug
curl -X POST http://localhost:15000/logging?level=debug
curl http://localhost:15000/server_info { "version": "07581234567ae48193a43ff6d86572968ae00e7/1.12.0/Clean/RELEASE/BoringSSL", "state": "LIVE", "hot_restart_version": "11.104", "command_line_options": { "base_id": "0", "concurrency": 8, "config_path": "/etc/istio/proxy/envoy-rev1.json", "config_yaml": "", "allow_unknown_static_fields": false, "reject_unknown_dynamic_fields": false, "admin_address_path": "", "local_address_ip_version": "v4", "log_level": "warning", "component_log_level": "misc:error", "log_format": "[Envoy (Epoch 1)] [%Y-%m-%d %T.%e][%t][%l][%n] %v", "log_path": "", "service_cluster": "istio-ingressgateway", "service_node": "router~10.74.24.9~istio-ingressgateway-7f123456cf-9qrvk.istio-system~istio-system.svc.cluster.local", "service_zone": "", "mode": "Serve", "max_stats": "0", "max_obj_name_len": "0", "disable_hot_restart": false, "enable_mutex_tracing": false, "restart_epoch": 1, "cpuset_threads": false, "file_flush_interval": "10s", "drain_time": "45s", "parent_shutdown_time": "60s" }, "uptime_current_epoch": "275710s", "uptime_all_epochs": "815942s" }PodDisruptionBudget 策略
kubectl get PodDisruptionBudget -n istio-system [git:master] ✖ NAME MIN AVAILABLE MAX UNAVAILABLE ALLOWED DISRUPTIONS AGE ingressgateway 1 N/A 1 208d istio-citadel 1 N/A 0 208d istio-egressgateway 1 N/A 1 208d istio-galley 1 N/A 0 208d istio-ingressgateway 1 N/A 1 208d istio-metrics-ingressgateway 1 N/A 1 208d istio-pilot 1 N/A 1 208d istio-policy 1 N/A 1 208d istio-sidecar-injector 1 N/A 0 208d istio-telemetry 1 N/A 1 208d
istio 证书过期时间
root-cert.pem 十年
ca-cert.pem 两年 -
DELL U2720QM 匹配设置 macOS OR win11
U2720QM 设置
Display -> Response Time -> Fast
Smart HDR -> DesktopmacOS 设置
System Preferences -> Displays
按住 Options 点 Scaled,选择
2304 x 1296(比较舒服)介于 2k 和 1080p 之间
此时 High dynamic Range (HDR)应该是勾选状态
在 System Information -> Hardware -> Graphics/Displays 显示
Radeon Pro 560X: Chipset Model: Radeon Pro 560X Type: GPU Bus: PCIe PCIe Lane Width: x8 VRAM (Total): 4 GB Vendor: AMD (0x1002) Device ID: 0x67ef Revision ID: 0x00c2 ROM Revision: 113-C980AL-075 VBIOS Version: 113-C97501U-005 EFI Driver Version: 01.A1.075 Automatic Graphics Switching: Supported gMux Version: 5.0.0 Metal: Supported, feature set macOS GPUFamily2 v1 Displays: DELL U2720QM: Resolution: 3840 x 2160 (2160p/4K UHD 1 - Ultra High Definition) UI Looks like: 1920 x 1080 @ 60 Hz Framebuffer Depth: 30-Bit Color (ARGB2101010) Display Serial Number: 5ZG1WS2 Main Display: Yes Mirror: Off Online: Yes Rotation: Supported Automatically Adjust Brightness: No Connection Type: DisplayPort
Win10 设置
175% 缩放
-
terraform terragrunt
https://www.terraform-best-practices.com/
https://github.com/terraform-linters/tflintcheck:
terraform init # terragrunt init -upgrade 重新更新依赖 terraform validate terraform plan
交互 approve 方式执行
terraform apply
直接执行,省去交互
terraform apply -auto-approve
格式化代码
terraform fmt -recursive terragrunt hclfmt
查看 state
terraform state list
import state
terragrunt import --terragrunt-working-dir dev/k8s/namespaces 'kubernetes_namespace.namespaces["app"]' app
清理 dev 集群 hongkong
terragrunt run-all plan --terragrunt-working-dir deploy/dev/gke/hongkong terragrunt run-all destroy --terragrunt-working-dir deploy/dev/gke/hongkong
查看依赖图
terragrunt graph-dependencies --terragrunt-working-dir deploy/dev/gke/hongkong
执行 destroy
- terragrunt plan -destroy -target k8s - terragrunt destroy -target module.k8s -forceterragrunt 删除目录感知不到要删除对应的 resource
应该删除对应的 inputs, 前提 inputs 要支持空 defaut 值升级
brew upgrade terragrunt
-
gcloud 使用记录
安装 sdk
curl https://sdk.cloud.google.com | bash
查看当前授权
gcloud auth list
列出用过的 projects
gcloud projects list
To revert your CLI to the previously installed version, you may run:
$ gcloud components update –version 403.0.0 -
G Suite 使用技巧
公司使用 G Suite
自己也有 google 账号,切换账号的 default
https://support.google.com/accounts/thread/6368872?hl=en&msgid=6678524
gmail settings, 关闭 chat, 打开 shortcuts