大体发版推送的步骤: 拉取仓库代码 构建包 看是否运行集成及单元测试 仓库代码提交 设置流水线-阻止异常或是对现有业务产生影响的代码入正式代码仓库,测试左移,让低级别错误回归到dev,减轻QA测试压力 node等前端静态页面 其他jar.构建打jar包,或是用docker-compose 维护发版,或是用k8s 维护线上版本业务 私仓一般用harbor 其他车机固件,刷机板子 堡垒机 远程主机仅仅允许从堡垒机密钥登录 PasswordAuthentication no docker: Error response from daemon: driver failed programming external connectivity on endpoint mysql-server (9c274c7f4af2610577b8134980e573f93baeb86b5d84dc16f7abdb068053372a): (iptables failed: iptables --wait -t nat -A DOCKER -p tcp -d 0/0 --dport 3306 -j DNAT --to-destination 172.17.0.2:3306 ! -i docker0: iptables: No chain/target/match by that name. 原因:在我们启动了Docker后,我们再对防火墙firewalld进行操作,就会发生上述报错, 详细原因:docker服务启动时定义的自定义链DOCKER,当 centos7 firewall 被清掉时, firewall的底层是使用iptables进行数据过滤,建立在iptables之上,这可能会与 Docker 产生冲突。 当 firewalld 启动或者重启的时候,将会从 iptables 中移除 DOCKER 的规则,从而影响了 Docker 的正常工作。 当你使用的是 Systemd 的时候, firewalld 会在 Docker 之前启动,但是如果你在 Docker 启动之后操作 firewalld ,你就需要重启 Docker 进程了。 解决办法:输入指令 如下指令,重启docker服务及可重新生成自定义链DOCKER systemctl restart docker 海南更新 scp -P :/opt/hainan/dist.zip . scp -P :/opt/hainan/kge-biz.jar . 前端:替换nginx root dist manage: 替换jar包 ,docker-compose stop manage && docker-compose build manage && docker-compose start manage for i in nacos tx upms auth gateway manage ;do docker-compose restart $i;done root/hfkmyl 病毒处理 loginclientbot xmrig 34 发版推送126需要ssh ,密码修改 为root yum -y install psmisc.x86_64 yum -y install python3-pip.noarch pip3 install runlike runlike -p docker-container-id 查看docker 容器启动命令 kubectl top pod km-manage-biz-578558db86-f6xp5 -n pre kubectl top nodes kubectl get pods -A kubectl get pod --show-labels kubectl label pod {pod名称} app=app kubectl edit deploy km-auth-pre -n pre pod扩容 kubectl scale deployment {deployment名称} --replicas=10 kubectl get deploy && kubectl scale deployment details-v1 --replicas=2 kubectl get deploy -n pre pod deploy 更新镜像 kubectl set image deployment/nginx-deployment nginx=nginx:1.14 kubectl set image deployment km-manage-biz km-manage-biz=harbor-inside.hfkmyl.com:9443/his/km-manage-biz-master:202308021019 -n pre pod 回滚 kubectl rollout undo deployment/pigx-ui -n pre kubectl rollout status deployment/pigx-ui -n pre kubectl rollout history deployment/pigx-ui -n pre kubectl rollout undo deployment/pigx-ui -n pre --to-revision=8 docker run --name mysql-server -t --hostname mysql_server --restart=always \ -v /etc/localtime:/etc/localtime -v /docker/volume1/mysql/1/:/var/lib/mysql \ -e MYSQL_DATABASE="jumpserver" -e MYSQL_USER="jumpserver" -e MYSQL_PASSWORD="jumpserver" \ -e MYSQL_ROOT_PASSWORD="ming1128" -p 3306:3306 -d mysql:5.7 \ --character-set-server=utf8 --collation-server=utf8_bin docker run --name redis-server -t \ --hostname redis-server \ --restart=always \ -v /etc/localtime:/etc/localtime\ -p 6379:6379 -d redis:5.0 docker run --name jumpserver -t --hostname jump-server --restart=always -v /etc/localtime:/etc/localtime -p 8058:80 -p 2222:2222 -e SECRET_KEY=$SECRET_KEY -e BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN -e DB_HOST="mysql-server" -e DB_PORT=3306 -e DB_NAME="jumpserver" -e DB_USER="jumpserver" -e DB_PASSWORD="jumpserver" --link mysql-server:mysql -e REDIS_HOST="redis-server" -e REDIS_PORT="6379" --link redis-server:redis jumpserver/jms_all:1.5.2 docker run --name=jumpserver \ --hostname=jump-server \ --mac-address=02:42:a9:fe:1e:04 \ --env=DB_PASSWORD=jumpserver \ --env=SECRET_KEY=HYyLkKVdEOMSA0skdUNWdSF3lvsEyufIu9v1FYEheLpKn9toqo \ --env=REDIS_HOST=redis-server \ --env=BOOTSTRAP_TOKEN=2S81RLtRhqEkV4dU \ --env=DB_HOST=mysql-server \ --volume=/etc/localtime:/etc/localtime \ --workdir=/opt \ -p 2222:2222 \ -p 8088:80 \ --link mysql-server:mysql \ --link redis-server:redis \ --restart=always \ --log-opt max-file=20 \ --log-opt max-size=50m \ --runtime=runc \ -t \ jumpserver/jms_all:1.5.2 公司堡垒机 Bi4gjU2VQ5dxgRrS3F9oyGHJ 公司内部堡垒机 http://192.168.19.129/ spp/Bi4gjU2VQ5dxgRr curl ipinfo.io 观察现象,telnet 远程目标业务端口 ,立即 conn reset说明业务端口又问题 ssh-keygen ssh-copy-id 实现免密钥既把本机生成的pub公钥注入到免密钥登录主机的authorized_keys ~/.ssh/authorized_keys ssh远程登录响应时间很慢 /usr/local/apache-maven-3.6.3/bin/mvn clean install package -Dmaven.test.skip=true /usr/local/apache-maven-3.6.3/bin/mvn install docker push harbor-inside.hfkmyl.com:9443/his/pigx-upms-biz-master:202308011647 sudo kubectl set image deployment pigx-upms-biz pigx-upms-biz=harbor.hfkmyl.com/his/pigx-upms-biz-master:202303010414 -n pre curl -v -F "file=@/path/to/file" http://192.168.1.4/base/medicare/uploadFile yum install -y yum-utils device-mapper-persistent-data lvm2 yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo yum list docker-ce --showduplicates | sort -r yum -y install docker-ce-20.10.0-3.el7 docker-ce-cli-20.10.0-3.el7 containerd.io /usr/local/jdk1.8.0_161/bin/java -Dsun.misc.URLClassPath.disableJarChecking=true -Dfile.encoding=UTF-8 -Dsun.jnu.encoding=UTF-8 -jar /opt/server/km_cloud/pigx-register.jar --db.password=qW@erwqerR!123@1*@% set global validate_password_policy=0; set global validate_password_length=4; update mysql.user set authentication_string=password('qW@erwqerR!123@1*@%') where user='root'; if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >> ~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi for i in nacos tx upms auth gateway manage ihos consult;do docker-compose restart $i;done yum --showduplicates list docker pods 多副本日志查看,基于label 标签名 kubectl get pod --show-labels -n vip kubectl logs -l app=km-manage-selector,pod-template-hash=6c45d9cddb -n vip -f --tail=100 for i in `seq -w 1 100`; do cp -rp /var/log/messages /data/test/copy-test-$i; done :set paste kubectl logs -l k8s-app=kube-dns -n kube-system 流水线改 改dockerfile http://192.168.19.142/kmyl/jenkinscms_new.git kubectl edit deploy km-ihos-biz -n pre harbor-login-qr sudo kubectl set image deployment km-assets-biz km-assets-biz=harbor.hfkmyl.com:4433/his/km-assets-biz-master:202304260425 -n pre Km!06 ops Km!0611 202305171810 sudo kubectl set image deployment km-manage-biz km-manage-biz=harbor.hfkmyl.com:4433/his/km-manage-biz-master:202305171810 -n pre sudo kubectl set image deployment km-manage-biz km-manage-biz=harbor-inside.hfkmyl.com:9443/his/km-manage-biz-master:202305222119 -n pre /dev/sdb1 /opt/jenkinsbuilddir/ npm install --python=python2.7 ; npm config set python python2.7 ; npm install -g cnpm --registry=http://registry.npm.taobao.org ; npm install --registry=http://registry.npm.taobao.org;npm run build;npm install --save jsbarcode 初次 nodejs build 时 需要node_modules 可以加入到流水线 Error: Cannot find module 'node-sass' ./easyrsa init-pki ./easyrsa build-ca kmylpp hfkmyl plm km-manage-biz-9d6766549-zdzxr kubectl delete pod km-manage-biz-9d6766549-4mddw -n vip kubectl logs -f km-manage-biz-9d6766549-zdzxr -n vip ./easyrsa gen-req server nopass ./easyrsa sign-req server server 快到期主机 /192.168.0.76 pods自动迁移到其他主机,安排固定时间验证 Windows 2008 Enterprise R2 64位 中文版 ecs-2da0-1216613-volume-0000 解决方法: Try running npm update -g npm then run npm i again.Іf thаt dоеѕn’t wоrk mауbе прm сасhе сlеаn hеlрѕ. If that doesn’t work either you should consider removing the node_ _modules folder in your application and running npm i again. If you still have no luck, I suggest removing the package-lock. json and the node_ modules folderbеfоrе runnіng прm і. 运行 npm update -g npm 然后运行 npm i 如果第1步不行,在第一步的基础上运行прm сасhе сlеаn 如果第2步还是不行,删除node_modules文件夹,再运行npm i 如果第3步还是不行,删除掉package-lock.json和node_modules,再运行npm i. 我删除了package-lock.json以后才启动成功的 npm install -g @vue/cli kubectl edit deploy km-manage-biz -n pre kubectl get deploy -n pre kubectl get deployments -n pre -o=custom-columns=NAME:.metadata.name,IMAGE:.spec.template.spec.containers[*].image kubectl get pods -o wide -n pre docker login -u admin -p Harbor12345 docker pull docker push imagePullSecrets kubectl create secret docker-registry xx --docker-username=admin --docker-password=Harbor12345 --docker-server= -n pre kubectl logs km-consult-biz-5f9c949d56-96rmj -n vip kubectl create secret docker-registry harbor-inside-hfkmyl \ --docker-server=10.3.9.107:5000 \ --docker-username='gsafety' \ --docker-password='123456' docker://18.9.0 Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.5", GitCommit:"c285e781331a3785a7f436042c65c5641ce8a9e9", GitTreeState:"clean", BuildDate:"2022-03-16T15:58:47Z", GoVersion:"go1.17.8", Compiler:"gc", Platform:"linux/amd64"} Server Version: version.Info{Major:"1", Minor:"15+", GitVersion:"v1.15.6-r1-CCE2.0.30.B001", GitCommit:"3270aae40a24cd434ea48f594746f020c7473203", GitTreeState:"clean", BuildDate:"2020-01-08T10:05:41Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"} WARNING: version difference between client (1.23) and server (1.15) exceeds the supported minor version skew of +/-1
标签:kubectl,常用,运维,--,km,server,指令,biz,docker From: https://www.cnblogs.com/ruiy/p/17613242.html