搜索到
73
篇与
的结果
-
k8s安装traefik与实操 一、安装traefik先安装traefik-crds、下面的--- # Source: traefik/templates/rbac/serviceaccount.yaml kind: ServiceAccount apiVersion: v1 metadata: name: traefik-release namespace: traefik labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-release-default helm.sh/chart: traefik-35.4.0 app.kubernetes.io/managed-by: Helm annotations: automountServiceAccountToken: false --- # Source: traefik/templates/rbac/clusterrole.yaml kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: traefik-release-default labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-release-default helm.sh/chart: traefik-35.4.0 app.kubernetes.io/managed-by: Helm rules: - apiGroups: - "" resources: - configmaps - nodes - services verbs: - get - list - watch - apiGroups: - discovery.k8s.io resources: - endpointslices verbs: - list - watch - apiGroups: - "" resources: - secrets verbs: - get - list - watch - apiGroups: - extensions - networking.k8s.io resources: - ingressclasses - ingresses verbs: - get - list - watch - apiGroups: - extensions - networking.k8s.io resources: - ingresses/status verbs: - update - apiGroups: - traefik.io resources: - ingressroutes - ingressroutetcps - ingressrouteudps - middlewares - middlewaretcps - serverstransports - serverstransporttcps - tlsoptions - tlsstores - traefikservices verbs: - get - list - watch --- # Source: traefik/templates/rbac/clusterrolebinding.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: traefik-release-default labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-release-default helm.sh/chart: traefik-35.4.0 app.kubernetes.io/managed-by: Helm roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: traefik-release-default subjects: - kind: ServiceAccount name: traefik-release namespace: traefik --- # 添加PVC定义 apiVersion: v1 kind: PersistentVolumeClaim metadata: name: traefik-data-pvc namespace: traefik spec: accessModes: - ReadWriteMany # CephFS支持多节点读写 storageClassName: ceph-cephfs resources: requests: storage: 1Gi # 根据实际需求调整大小 --- # Source: traefik/templates/deployment.yaml apiVersion: apps/v1 kind: Deployment metadata: name: traefik-release namespace: traefik labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-release-default helm.sh/chart: traefik-35.4.0 app.kubernetes.io/managed-by: Helm annotations: spec: replicas: 1 selector: matchLabels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-release-default strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 0 maxSurge: 1 minReadySeconds: 0 template: metadata: annotations: prometheus.io/scrape: "true" prometheus.io/path: "/metrics" prometheus.io/port: "9100" labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-release-default helm.sh/chart: traefik-35.4.0 app.kubernetes.io/managed-by: Helm spec: securityContext: runAsUser: 0 runAsGroup: 0 fsGroup: 0 capabilities: add: ["NET_BIND_SERVICE"] serviceAccountName: traefik-release automountServiceAccountToken: true terminationGracePeriodSeconds: 60 hostNetwork: false containers: - image: registry.cn-guangzhou.aliyuncs.com/xingcangku/traefik:v3.0.0 imagePullPolicy: IfNotPresent name: traefik-release resources: readinessProbe: httpGet: path: /ping port: 9000 scheme: HTTP failureThreshold: 1 initialDelaySeconds: 2 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 2 livenessProbe: httpGet: path: /ping port: 9000 scheme: HTTP failureThreshold: 3 initialDelaySeconds: 2 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 2 lifecycle: ports: - name: metrics containerPort: 9100 protocol: TCP - name: traefik containerPort: 9000 protocol: TCP - name: web containerPort: 8000 protocol: TCP - name: websecure containerPort: 8443 protocol: TCP securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL - NET_BIND_SERVICE readOnlyRootFilesystem: false volumeMounts: - name: data mountPath: /data readOnly: false # 允许写入 args: - "--global.checknewversion" - "--global.sendanonymoususage" - "--entryPoints.metrics.address=:9100/tcp" - "--entryPoints.traefik.address=:9000/tcp" - "--entryPoints.web.address=:8000/tcp" - "--entryPoints.websecure.address=:8443/tcp" - "--api.dashboard=true" - "--ping=true" - "--metrics.prometheus=true" - "--metrics.prometheus.entrypoint=metrics" - "--providers.kubernetescrd" - "--providers.kubernetescrd.allowEmptyServices=true" - "--providers.kubernetesingress" - "--providers.kubernetesingress.allowEmptyServices=true" - "--providers.kubernetesingress.ingressendpoint.publishedservice=traefik/traefik-release" - "--entryPoints.websecure.http.tls=true" - "--log.level=INFO" env: - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace volumes: # 替换emptyDir为PVC - name: data persistentVolumeClaim: claimName: traefik-data-pvc securityContext: runAsGroup: 65532 runAsNonRoot: true runAsUser: 65532 --- # Source: traefik/templates/service.yaml apiVersion: v1 kind: Service metadata: name: traefik namespace: traefik labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-release-default helm.sh/chart: traefik-35.4.0 app.kubernetes.io/managed-by: Helm annotations: spec: type: LoadBalancer selector: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-release-default ports: - port: 8000 name: web targetPort: web protocol: TCP - port: 8443 name: websecure targetPort: websecure protocol: TCP --- # Source: traefik/templates/ingressclass.yaml apiVersion: networking.k8s.io/v1 kind: IngressClass metadata: annotations: ingressclass.kubernetes.io/is-default-class: "true" labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-release-default helm.sh/chart: traefik-35.4.0 app.kubernetes.io/managed-by: Helm name: traefik-release spec: controller: traefik.io/ingress-controller root@k8s01:~/helm/traefik/traefik-helm-chart-35.4.0/traefik# cat dashboard.yaml apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: name: dashboard namespace: traefik spec: entryPoints: - web routes: - match: Host(`traefik.local.com`) kind: Rule services: - name: api@internal kind: TraefikService 二、测试traefikkubectl create ns test-ns kubectl -n test-ns create deployment test-app --image=registry.cn-guangzhou.aliyuncs.com/xingcangku/nginx-alpine:1.0 kubectl -n test-ns expose deployment test-app --port=80cat <<EOF | kubectl apply -f - > apiVersion: networking.k8s.io/v1 > kind: Ingress > metadata: > name: test-ingress > namespace: test-ns > spec: > ingressClassName: traefik > rules: > - http: > paths: > - path: /test > pathType: Prefix > backend: > service: > name: test-app > port: > number: 80 > EOFWEB_PORT=$(kubectl get svc -n traefik traefik -o jsonpath='{.spec.ports[?(@.name=="web")].nodePort}')curl -v http://$NODE_IP:$WEB_PORT/test * Trying 192.168.3.200:32305... * Connected to 192.168.3.200 (192.168.3.200) port 32305 (#0) > GET /test HTTP/1.1 > Host: 192.168.3.200:32305 > User-Agent: curl/7.81.0 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 404 Not Found < Content-Length: 153 < Content-Type: text/html < Date: Thu, 29 May 2025 18:06:51 GMT < Server: nginx/1.27.5 < <html> <head><title>404 Not Found</title></head> <body> <center><h1>404 Not Found</h1></center> <hr><center>nginx/1.27.5</center> </body> </html> * Connection #0 to host 192.168.3.200 left intact#更新路径 cat <<EOF | kubectl apply -f - > apiVersion: networking.k8s.io/v1 > kind: Ingress > metadata: > name: test-ingress > namespace: test-ns > spec: > ingressClassName: traefik > rules: > - http: > paths: > - path: / > pathType: Prefix > backend: > service: > name: test-app > port: > number: 80 > EOF # 测试访问根路径 curl -v http://$NODE_IP:$WEB_PORT/ * Trying 192.168.3.200:32305... * Connected to 192.168.3.200 (192.168.3.200) port 32305 (#0) > GET / HTTP/1.1 > Host: 192.168.3.200:32305 > User-Agent: curl/7.81.0 > Accept: */* > * Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Accept-Ranges: bytes < Content-Length: 615 < Content-Type: text/html < Date: Thu, 29 May 2025 18:08:48 GMT < Etag: "67ffa8c6-267" < Last-Modified: Wed, 16 Apr 2025 12:55:34 GMT < Server: nginx/1.27.5 < <!DOCTYPE html> <html> <head> <title>Welcome to nginx!</title> <style> html { color-scheme: light dark; } body { width: 35em; margin: 0 auto; font-family: Tahoma, Verdana, Arial, sans-serif; } </style> </head> <body> <h1>Welcome to nginx!</h1> <p>If you see this page, the nginx web server is successfully installed and working. Further configuration is required.</p> <p>For online documentation and support please refer to <a href="http://nginx.org/">nginx.org</a>.<br/> Commercial support is available at <a href="http://nginx.com/">nginx.com</a>.</p> <p><em>Thank you for using nginx.</em></p> </body> </html> * Connection #0 to host 192.168.3.200 left intact#可以在集群内部访问 curl http://traefik-service.default.svc.cluster.localroot@k8s01:~/helm/traefik/test# kubectl get ingress -n test-ns NAME CLASS HOSTS ADDRESS PORTS AGE test-ingress traefik * 80 48m root@k8s01:~/helm/traefik/test# kubectl describe ingress test-ingress -n test-ns Name: test-ingress Labels: <none> Namespace: test-ns Address: Ingress Class: traefik Default backend: <default> Rules: Host Path Backends ---- ---- -------- * / test-app:80 (10.244.1.13:80) Annotations: <none> Events: <none> #命令查询 root@k8s01:~/helm/traefik/traefik-helm-chart-35.4.0/traefik# kubectl -n traefik describe svc traefik Name: traefik Namespace: traefik Labels: app.kubernetes.io/instance=traefik-release-default app.kubernetes.io/managed-by=Helm app.kubernetes.io/name=traefik helm.sh/chart=traefik-35.4.0 Annotations: <none> Selector: app.kubernetes.io/instance=traefik-release-default,app.kubernetes.io/name=traefik Type: LoadBalancer IP Family Policy: SingleStack IP Families: IPv4 IP: 10.103.186.47 IPs: 10.103.186.47 Port: web 8000/TCP TargetPort: web/TCP NodePort: web 30615/TCP Endpoints: 10.244.2.30:8000 Port: websecure 8443/TCP TargetPort: websecure/TCP NodePort: websecure 32113/TCP Endpoints: 10.244.2.30:8443 Session Affinity: None External Traffic Policy: Cluster Events: <none> root@k8s01:~/helm/traefik/traefik-helm-chart-35.4.0/traefik# kubectl -n traefik get endpoints NAME ENDPOINTS AGE traefik 10.244.2.30:8000,10.244.2.30:8443 26s traefik-crds 10.244.0.169:8000,10.244.0.169:8443 2d4h root@k8s01:~/helm/traefik/traefik-helm-chart-35.4.0/traefik# cat service.yaml # Source: traefik/templates/service.yaml apiVersion: v1 kind: Service metadata: name: traefik namespace: traefik labels: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-release-default helm.sh/chart: traefik-35.4.0 app.kubernetes.io/managed-by: Helm annotations: spec: type: LoadBalancer selector: app.kubernetes.io/name: traefik app.kubernetes.io/instance: traefik-release-default ports: - port: 8000 name: web targetPort: web protocol: TCP - port: 8443 name: websecure targetPort: websecure protocol: TCP root@k8s01:~/helm/traefik/traefik-helm-chart-35.4.0/traefik# kubectl get -n traefik svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE traefik LoadBalancer 10.103.186.47 <pending> 8000:30615/TCP,8443:32113/TCP 7m11s traefik-crds LoadBalancer 10.101.202.240 <pending> 80:31080/TCP,443:32480/TCP,6379:30634/TCP 2d5h root@k8s01:~/helm/traefik/traefik-helm-chart-35.4.0/traefik# kubectl get pods -n traefik -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES traefik-crds-766d79b985-c2sbr 1/1 Running 3 (6h13m ago) 2d4h 10.244.0.169 k8s01 <none> <none> traefik-release-589c7ff647-pdjh4 1/1 Running 0 25m 10.244.2.30 k8s03 <none> <none> root@k8s01:~/helm/traefik/traefik-helm-chart-35.4.0/traefik# -
记一次k8s事故 发生的原因:当时创建了 Jenkins的yaml文件,镜像是用k8s里面harbor的镜像(没起来)。另外一个创建用命令直接拉取着这个镜像从几MB一秒的拉取速度变成后面的几百KB第一个问题 当时没拉起来是因为需要修改配置文件 因为harbor是用http的,应该是和当时文件里面的另外一个配置冲突了。然后我手动删除这个没起来的pod。发现一直卡主。然后重新修改了yaml文件改pod名字。重启apply。导致k8s一直卡主,etcd卡主。kube-apiserver.yaml 文件发现不见了!!!一直尝试修复都未成功,只能重装k8s。重装后,有一个配置没添加kubectl get node k8s01 -o jsonpath='{.spec.podCIDR}'# 预期输出:10.244.0.0/24导致网络插件Flannel,一直没起来导致系统的coredn也没能起来。在vim /etc/kubernetes/manifests/kube-controller-manager.yaml中添加spec: containers: - command: - kube-controller-manager - --allocate-node-cidrs=true # 确保启用 - --cluster-cidr=10.244.0.0/16 # 与 Flannel 的 Network 配置一致 - --node-cidr-mask-size=24 # 可选,默认24 # 其他原有参数...# 1. 临时移除清单文件 重启 kube-controller-manager mv /etc/kubernetes/manifests/kube-controller-manager.yaml /tmp/ sleep 10 # 等待 Pod 终止 # 2. 恢复清单文件 mv /tmp/kube-controller-manager.yaml /etc/kubernetes/manifests/总结:/etc/kubernetes/manifests/ 这个目录下的文件 记得备份!!!!!别轻易重新系统对k8s的配置操作要谨慎这次折腾了一晚上,k8s里面的ceph和Jenkins和harbor估计都没了。。。对于ceph放k8s里面容器化部署还是需要谨慎,就比如说这次如果是裸机部署的ceph,重装了k8s,数据应该不会丢失的。
-
Jenkins邮箱配置 一、安装插件在jenkins的插件管理中安装Email Extension插件二、配置邮件相关参数依次点击manage jenkins——>system,找到jenkins Location项,填写系统管理员邮件地址。配置邮件服务器相关参数,然后点击通过发送测试邮件测试配置,填写收件人邮箱号。配置Extended E-mail Notification配置,内容如下登录收件人邮件,看到有测试邮件。三、自动风格任务配置 3.1修改任务配置构建后操作内容3.2构建测试3.2.1点击立即构建,查看收件人邮箱四、流水线任务配置 4.1修改pipeline添加邮件发送在项目根目录编写email.html,并推送至项目仓库。邮件模板如下所示:<!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>${ENV, var="JOB_NAME"}-第${BUILD_NUMBER}次构建日志</title> </head> <body leftmargin="8" marginwidth="0" topmargin="8" marginheight="4" offset="0"> <table width="95%" cellpadding="0" cellspacing="0" style="font-size: 11pt; font-family: Tahoma, Arial, Helvetica, sans-serif"> <tr> 本邮件由系统自动发出,无需回复!<br/> 各位同事,大家好,以下为${PROJECT_NAME }项目构建信息</br> <td><font color="#CC0000">构建结果 - ${BUILD_STATUS}</font></td> </tr> <tr> <td><br /> <b><font color="#0B610B">构建信息</font></b> <hr size="2" width="100%" align="center" /></td> </tr> <tr> <td> <ul> <li>项目名称 : ${PROJECT_NAME}</li> <li>构建编号 : 第${BUILD_NUMBER}次构建</li> <li>触发原因: ${CAUSE}</li> <li>构建状态: ${BUILD_STATUS}</li> <li>构建日志: <a href="${BUILD_URL}console">${BUILD_URL}console</a></li> <li>构建Url : <a href="${BUILD_URL}">${BUILD_URL}</a></li> <li>工作目录 : <a href="${PROJECT_URL}ws">${PROJECT_URL}ws</a></li> <li>项目Url : <a href="${PROJECT_URL}">${PROJECT_URL}</a></li> </ul> <h4><font color="#0B610B">失败用例</font></h4> <hr size="2" width="100%" /> $FAILED_TESTS<br/> <h4><font color="#0B610B">最近提交(#$SVN_REVISION)</font></h4> <hr size="2" width="100%" /> <ul> ${CHANGES_SINCE_LAST_SUCCESS, reverse=true, format="%c", changesFormat="<li>%d [%a] %m</li>"} </ul> 详细提交: <a href="${PROJECT_URL}changes">${PROJECT_URL}changes</a><br/> </td> </tr> </table> </body> </html> 4.2修改pipeline添加邮件发送pipeline { agent any stages { stage('拉取代码') { steps { checkout scmGit(branches: [[name: '*/${branch}']], extensions: [], userRemoteConfigs: [[credentialsId: 'gitee-cuiliang0302', url: 'https://gitee.com/cuiliang0302/sprint_boot_demo.git']]) } } stage('编译构建') { steps { sh 'mvn clean package' } } stage('部署运行') { steps { sh 'nohup java -jar target/SpringBootDemo-0.0.1-SNAPSHOT.jar &' sh 'sleep 10' } } } post { always { emailext( subject: '构建通知:${PROJECT_NAME} - Build # ${BUILD_NUMBER} - ${BUILD_STATUS}!', body: '${FILE,path="email.html"}', to: 'cuiliang0302@qq.com' ) } } }4.3构建测试
-
Gitlab安装 一、gpg.key-----BEGIN PGP PUBLIC KEY BLOCK----- mQINBF5dI2sBEACyGx5isuXqEV2zJGIx8rlJFCGw6A9g5Zk/9Hj50UpXNuOXlvQl 7vq91m2CAh88Jad7OiMHIJJhX3ZJEOf/pUx/16QKumsaEyBk9CegxUG9jAQXsjL3 WLyP0/l27UzNrOAFB+IUGjsoP+32gsSPiF5P485mirIJNojIAFzDQl3Uo4FbvqYU 9AIRk5kV4nEYz1aKXAovIUsyqrztMtwlAG2xqdwVpGD2A4/w8I143qPGjjhEQmf4 /EeS4CP9ztyLAx+01t2Acwa7Bygsb5KQPuT25UlevuxdDy/Rd5Zn/Lzwr2GQqjUs 6GbM0t1HYjh57e4V+p0qMf6jxXfrDCbehgzFvGS0cx/d7hWHm5sXZIt3gxpjBQU2 8MQWtrR8Y3nTBkCHwOKsXdsdD+YHxTq/yuvxl1Bcyshp29cGWv1es3wn2Z6i9tWe asGfVewJZiXFSEqSBGguEmLyCAZcWgXvHOV2kc66wG4d4TGIxmoo9GBqEtBftCVH MGDHt7zeg2hg6EIsx8/nj1duO5nBnbnik5iG8Xv46e/aw2p4DfTdfxHpjvyJudyN +UI5eSuuuXhyTZWedd5K1Q3+0CmACJ39t/NA6g7cZaw3boFKw3fTWIgOVTvC3y5v d7wsuyGUk9xNhHLcu6HjB4VPGzcTwQWMFf6+I4qGAUykU5mjTJchQeqmQwARAQAB tEJHaXRMYWIgQi5WLiAocGFja2FnZSByZXBvc2l0b3J5IHNpZ25pbmcga2V5KSA8 cGFja2FnZXNAZ2l0bGFiLmNvbT6JAlQEEwEKAD4CGwMFCwkIBwIGFQoJCAsCBBYC AwECHgECF4AWIQT2QD9lRKOIY9qgtuA/AWGKUTEvPwUCZd+UbQUJC0TYAgAKCRA/ AWGKUTEvPzeVEACDxFTCWdSe6S6sWhRTRCx4c/NF1WGHx2IUnCxMJqam5ij+xE+E 4dRAuBO3gD3bO4MAZJzvnAOC8RE9uMgAW7CS9+kpwdnXtS7/30P2sl0Lb3sXw57t ZtoYdZXr2H2/5E67k1SiEIpLeGyx5nnS1Irb3+b5DYwovAQQMgGF0jhJqjvaHulp nKlFegYBw1tVYPx+WKDqTcDu+57hVNuH2TSDXAjX7xL02PpmWkBQdfW1DMYiUkDy vrgrjVIggYCxyNEK+by8kuJ0EndB5n1VO98IAFrb321Ze8PTiRcgEi7wvZqMZCKw TkV4lNGpQs8AE6eXcCsaucWIz/Mm1Qu7t/uCfVbJ8k6R1VrngsPL+xl/4+zNxtI2 DHITvlkOgIMLaa+7JWiW6bQ+tXpLpMkKvgUWneLTwzjGWCl9p3byTg/pBNAc8qzJ XR2CRviNgV4xGVRreBDGPzaOKalVicSNcEu6nGNpe1Np1WtXMBf5Ed4Je4P1v6wL CjSIvxe6S68koIOwdX73a7d+yQA+bEegsN/su3Tp/jp/aDSOR+93UCPjXHLd0q3Y 6C/dvh3wyEC5topIc8XJFfP1mCtGV5WG1rY87AwALhc+2c+AEtShX7rKw/5rHUCY WeDt5skjByqaFtr4JSjEwQSY7G1a0IaISFkP+qhV+CkN12orAjpvZKxmwbkCDQRe XSNrARAApHc0R4tfPntr5bhTuXU/iVLyxlAlzdEv1XsdDC8YBYehT72Jpvpphtq7 sKVsuC59l8szojgO/gW//yKSuc3Gm5h58+HpIthjviGcvZXf/JcN7Pps0UGkLeQN 2+IRZgbA6CAAPh2njE60v5iXgS91bxlSJi8GVHq1h28kbKQeqUYthu9yA2+8J4Fz ivYV2VImKLSxbQlc86tl6rMKKIIOph+N4WujJgd5HZ80n2qp1608X3+9CXvtBasX VCI2ZqCuWjffVCOQzsqRbJ6LQyMbgti/23F4Yqjqp+8eyiDNL6MyWJCBbtkW3Imi FHfR0sQIM6I7fk0hvt9ljx9SG6az/s3qWK5ceQ7XbJgCAVS4yVixfgIjWvNE5ggE QNOmeF9r76t0+0xsdMYJR6lxdaQI8AAYaoMXTkCXX2DrASOjjEP65Oq/d42xpSf9 tG6XIq+xtRQyFWSMc+HfTlEHbfGReAEBlJBZhNoAwpuDckOC08vw7v2ybS5PYjJ4 5Kzdwej0ga03Wg9hrAFd/lVa5eO4pzMLuexLplhpIbJjYwCUGS4cc/LQ2jq4fue5 oxDpWPN+JrBH8oyqy91b10e70ohHppN8dQoCa79ySgMxDim92oHCkGnaVyULYDqJ zy0zqbi3tJu639c4pbcggxtAAr0I3ot8HPhKiNJRA6u8HTm//xEAEQEAAYkCPAQY AQoAJgIbDBYhBPZAP2VEo4hj2qC24D8BYYpRMS8/BQJl35S0BQkLRNhJAAoJED8B YYpRMS8/QHwP/3g6Mcdn47OK55Dx5YD5zI1DuuqhSFP0xak59jT7pVJm5Yu55Bai XS4+59IYrqaZ+CvbAr1TJzDMnwP3U2fBOyRIFpypURw+Q1efAnzKtP8aF2YIpd06 NhHEr1EZZMQytI5NcDaDly1Idwj5FX0m23AzvgVg7QbTcNOH2bOcXal++WWQ10TT b1gsnATz+Tw84EBugjk3vML5yoAWc77L3SA8KxMTcUEGhDkhm1kuct4PGIuHXmp+ qUKVh9XwvmcQIcu2fr3qmm0Bw3khwYNhGczSDjGDrnLmE5u/5R/AHgod/d0+SkHW 2uI8gPbunkLZPHc2Xaf1EUiZq/8n91FONusykZX+CizleS8AvMQmstuUcf48V2rv v7rsUtRflxf5IGH1P/X/tQ+WewD2VIHDQu+dyXvkos6LHFnxz6irNM90QqmcihYd vBvvrdeW6t5HoT2Lfhv/Xj7fzjKF5ye21WJpWFSK9PFrGb/tqPypUQspnE5cUtAa A9fP5AurEmjpDDZPaoPGG27N3m/95Dak0Q+BEx3r7VeRu4ZFX31Df/tocM5ADsXR eADwVh1H+R9vhOrc1EVPPYPWHzdjXlLZKVTiRd7uLLRXzhCp4yFfOmq1FFewlqH0 2AcgVTGaAOT65penu7y+sQJyCMHISsV15vIQXcHwL94As5MvV+mD0pGR =0Y9y -----END PGP PUBLIC KEY BLOCK-----二、执行命令sudo cat /tmp/gpg.key | sudo gpg --dearmor -o /usr/share/keyrings/gitlab-archive-keyring.gpg sudo apt update sudo apt install -y gitlab-ce三、修改配置 外部访问URLvi /etc/gitlab/gitlab.rb external_url 'http://192.168.1.100' # 替换为实际IP或域名 unicorn['listen_port'] = 8080 # 可选:调整默认端口四、关闭防火墙sudo ufw allow http sudo ufw allow https sudo ufw allow ssh sudo ufw enable五、启动sudo gitlab-ctl reconfigure sudo gitlab-ctl restart六、查看密码sudo cat /etc/gitlab/initial_root_password zlh2xR7fA814Z2TG0gx+QmHBZSFLrZJ1v6Lk2NEYk4w= 登录192.168.3.201 账号root 密码zlh2xR7fA814Z2TG0gx+QmHBZSFLrZJ1v6Lk2NEYk4w=七、添加ssh秘钥root@k8s02:~# ssh-keygen -t ed25519 -C "jenkins@your-server" Generating public/private ed25519 key pair. Enter file in which to save the key (/root/.ssh/id_ed25519): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_ed25519 Your public key has been saved in /root/.ssh/id_ed25519.pub The key fingerprint is: SHA256:9ddgsERNTkCNMf0mG9LOXtVamYkuewg1xnj+NUlaCUw jenkins@your-server The key's randomart image is: +--[ED25519 256]--+ | o@Eo | | ..O+ | | + ..*.*| | o B.o+X*| | S = ++=B+| | . o +=+.| | . =....| | o o. | | . | +----[SHA256]-----+ root@k8s02:~# cat ~/.ssh/id_ed25519.pub ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILncgKrxDBMvO8zW0WaBymGLbKIRjUo2ZBsdacdayP03 jenkins@your-server
-
ceph ubuntu系统改网络配置/etc/netplan/..network: version: 2 ethernets: ens33: dhcp4: no addresses: - 192.168.3.131/24 gateway4: 192.168.3.1 nameservers: addresses: - 8.8.8.8 - 114.114.114.114 - 8.8.4.4账号:admin密码123456Abc@用https访问添加路由目录sudo ip route add default via 192.168.3.1root@ubuntu01:~# sudo resolvectl dns ens33 8.8.8.8 8.8.4.4
