分类
vim

vim 重复之前的 :命令

执行:替换或其他操作后想要再次执行
在记录里搜索命令并执行

q:
然后上下移动光标,选中要重复执行的命令,按回车执行

https://vim.fandom.com/wiki/Repeat_last_colon_command

分类
kubernetes

kubernetes 面试问题

1. 集群的 HA 怎么做的
2. network policy
3. 发布的时候 503 是怎么造成的,怎么解决
4. cgroup 怎么控制cpu的限制的
5. k8s 分配的 pod ip 冲突是什么原因
6. devicemapper 和 overlay overlay2 的优缺点是什么
7. CI 的时候怎么加快构建

分类
linux

ldapsearch 测试 ldap 筛选

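# Connection and bind parameters shared by the three test queries below.
bind_dn='uid=svc-stp,cn=users,cn=accounts,dc=ipa,dc=mycorp,dc=com'
base_dn='cn=users,cn=accounts,dc=ipa,dc=mycorp,dc=com'
# -H with a URI replaces the deprecated -h/-p pair.
ldap_uri='ldap://haipa5.dc.mycorp.com:389'

# -W prompts for the bind password. Passing it with -w "password" leaves the
# secret in shell history and makes it visible in the process list.
# For unattended runs, -y FILE reads it from a file (keep that file mode 0600).
# -ZZ requires StartTLS to succeed, so nothing crosses port 389 unencrypted;
# the client must trust the CA that issued the server certificate.
# NOTE(review): no -x is given, so ldapsearch attempts a SASL bind, and -D is
# only honoured for simple binds. Add -x if a simple bind as bind_dn is intended.

# 1. Dump every entry under the users subtree into ./all.
#    The dump holds directory data for all accounts, so create it owner-only.
( umask 077; ldapsearch -D "$bind_dn" -b "$base_dn" -H "$ldap_uri" -ZZ -W -s sub > all )

# 2. POSIX accounts that are members of ipausers and are not locked.
ldapsearch -D "$bind_dn" -b "$base_dn" -H "$ldap_uri" -ZZ -W -s sub \
  '(&(objectclass=posixAccount)(memberOf=cn=ipausers,cn=groups,cn=accounts,dc=ipa,dc=mycorp,dc=com)(!(nsAccountLock=TRUE)))'

# 3. Unlocked accounts that have a uid but no ipaUserAuthType attribute set.
ldapsearch -D "$bind_dn" -b "$base_dn" -H "$ldap_uri" -ZZ -W -s sub \
  '(&(uid=*)(!(ipaUserAuthType=*))(!(nsAccountLock=TRUE)))'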
分类
linux

Ceph 笔记

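# List all pools
ceph osd lspools
# Create a pool named "kong" with 3 placement groups
ceph osd pool create kong 3
# List all images in the pool
rbd ls kong
# Create a pool (general form; a pool name and placement-group count must follow, as above)
ceph osd pool create
# Create a 1 GiB image (--size defaults to MiB)
rbd create -p tenant_1 --size 1024 xm3gyumgqupmexxmewoome
# Show the details of an image (double hyphen; a pasted en dash is not parsed as an option)
rbd info -p tenant_1 --image xm3gyumgqupmexxmewoome
# Delete an image
rbd rm -p tenant_1 xm3gyumgqupmexxmewoome

# Prints the client.admin secret key, which grants full control of the cluster.
# Keep the output out of tickets, chat and terminal logs.
cat /etc/ceph/ceph.client.admin.keyring
# Lists every auth entity with its key and capabilities; treat the output as secret.
ceph auth list
ceph osd pool ls detail
# Refused as written: the pool name must be given twice together with the confirmation flag
ceph osd pool delete kong
# Irreversibly deletes the pool and all data in it.
# Recent releases also require mon_allow_pool_delete=true on the monitors.
ceph osd pool delete kong kong --yes-i-really-really-mean-it

# k8s: show recently created pods (AGE column in seconds or minutes), sorted by age.
# The awk program needs plain ASCII single quotes; typographic quotes break it.
kubectl get pods -n 1 | awk '$5 ~ /s|m/ {print}' | sort -V -k 5

# docker: remove exited containers
docker ps -a | grep Exited | awk '{print $1}' | xargs docker rm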

分类
linux

k8s flannel vxlan

用到的知识:

linux bridge
linux network namespace
flannel backend
iptables

host 上的 flannel 配置文件

[root@k8snode028 bin]# cat /etc/cni/net.d/10-flannel.conflist 
{
  "name":"cni0",
  "cniVersion":"0.3.1",
  "plugins":[
    {
      "type":"flannel",
      "delegate":{
        "forceAddress":true,
        "hairpinMode": true,
        "isDefaultGateway":true
      }
    },
    {
      "type":"portmap",
      "capabilities":{
        "portMappings":true
      }
    }
  ]
}

host 上的 flannel 相关 bin 文件

ls /opt/cni/bin/
bridge  cnitool  dhcp  flannel  host-local  ipvlan  loopback  macvlan  noop  portmap  ptp  tuning  vlan

查看 namespace

ip netns list

查看 link

ip link

创建 red 的 namespace,并查看 link

ip netns add red
ip netns exec red ip link

kubernetes host 上的 interface, ifconfig

...
cni0: flags=4163  mtu 1450
        inet 10.27.9.1  netmask 255.255.255.0  broadcast 0.0.0.0
...

flannel.1: flags=4163  mtu 1450
        inet 10.27.9.0  netmask 255.255.255.255  broadcast 0.0.0.0
...

kubernetes pod 内的 arp route 显示

[root@backend-6b7b58986c-jdnhn spring]# route  -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.27.9.1       0.0.0.0         UG    0      0        0 eth0
10.27.0.0       10.27.9.1       255.255.0.0     UG    0      0        0 eth0
10.27.9.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0

node 节点上的 bridge 信息

yum install bridge-utils -y
[root@k8snode028 ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
cni0		8000.0a580a1d0d01	no		veth0985a0b8
							veth1253dd53
							veth127dc912
							veth15b89d85
							veth30b9e182
							veth3a6a0f27
							veth500fcaf1
							veth5f994152
							veth6374a5e2
							veth67f0cb2e
							veth69772276
							veth6a95a62c
							veth6c8897b0
							veth781dd728
							veth88eddba5
							veth8d28dfe8
							veth8fd03c3e
							veth8fe5c104
							vetha529244f
							vethb2b2134b
							vethc070358a
							vethccd69c78
							vethd6f2ae04
							vethdbaec209
							vethe0e0bd3a
							vethe3939f54
							vethec7d63a5
							vethefdaa81a
							vethf836c26b
							vethfb0f86bc
							vethfec66a08
docker0		8000.0242fbd0e139	no

node 节点上的路由信息

[root@k8snode028 network-scripts]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.18.19.1      0.0.0.0         UG    0      0        0 bond0
10.18.19.0      0.0.0.0         255.255.255.0   U     0      0        0 bond0
10.27.0.0       10.27.0.0       255.255.255.0   UG    0      0        0 flannel.1
10.27.1.0       10.27.1.0       255.255.255.0   UG    0      0        0 flannel.1
10.27.2.0       10.27.2.0       255.255.255.0   UG    0      0        0 flannel.1
10.27.3.0       10.27.3.0       255.255.255.0   UG    0      0        0 flannel.1
10.27.4.0       10.27.4.0       255.255.255.0   UG    0      0        0 flannel.1
10.27.5.0       10.27.5.0       255.255.255.0   UG    0      0        0 flannel.1
10.27.6.0       10.27.6.0       255.255.255.0   UG    0      0        0 flannel.1
10.27.7.0       10.27.7.0       255.255.255.0   UG    0      0        0 flannel.1
10.27.8.0       10.27.8.0       255.255.255.0   UG    0      0        0 flannel.1
10.27.9.0       0.0.0.0         255.255.255.0   U     0      0        0 cni0
10.27.10.0      10.27.10.0      255.255.255.0   UG    0      0        0 flannel.1
10.27.11.0      10.27.11.0      255.255.255.0   UG    0      0        0 flannel.1
10.27.12.0      10.27.12.0      255.255.255.0   UG    0      0        0 flannel.1
10.27.13.0      10.27.13.0      255.255.255.0   UG    0      0        0 flannel.1
10.27.14.0      10.27.14.0      255.255.255.0   UG    0      0        0 flannel.1
169.254.0.0     0.0.0.0         255.255.0.0     U     1006   0        0 bond0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0

node 节点上查看 bridge (相当于本机虚拟交换机)

ip link show type bridge 或 bridge link show
7: docker0:  mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:1c:85:aa:91 brd ff:ff:ff:ff:ff:ff
12: cni0:  mtu 1450 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 0a:58:0a:1b:09:01 brd ff:ff:ff:ff:ff:ff

node 节点上查看所有的 veth

ip link show type veth
25: veth7443cee@if24:  mtu 1500 qdisc noqueue master docker0 state UP mode DEFAULT group default 
    link/ether 2e:03:af:2d:5e:46 brd ff:ff:ff:ff:ff:ff link-netnsid 5
...

node 上的 flannel 容器里的信息

[root@k8snode028 bin]# docker exec 1a84ab994e5d cat /run/flannel/subnet.env
FLANNEL_NETWORK=10.27.0.0/16
FLANNEL_SUBNET=10.27.9.1/24
FLANNEL_MTU=1450
FLANNEL_IPMASQ=true

从一台 node 上的 pod 访问另一台 node 上的 pod 网段(10.29.13.0)时,先在 arp 表中查到该网段对应的 mac 地址

arp -e | grep 10.29.13.0
10.29.13.0               ether   42:32:74:de:24:50   CM                    flannel.1

再通过 mac 地址在 fdb 表中找到对应的目标 node(dst 即目标 node 的 IP)

bridge fdb show | grep 42:32:74:de:24:50
42:32:74:de:24:50 dev flannel.1 dst 10.18.19.129 self permanent

参考:
https://xuxinkun.github.io/2019/06/05/flannel-vxlan/
https://www.youtube.com/watch?v=j_UUnlVC2Ss