k8s4部署
configMap
configmap概述:数据会存储在etcd数据库,其应用场景主要在应用程序的配置
configmap支持的类型(1)键值对(2)多行数据
pod使用configmap资源有两种常见的方式(1)变量注入(2)数据卷挂载
推荐阅读
https://kubernetes.io/docs/concepts/storage/volumes/#configmap
https://kubernetes.io/docs/concepts/configuration/configmap/声明式创建cm资源
[root@master231 configmaps]# cat 01-cm-demo.yaml
apiVersion: v1
kind: ConfigMap
metadata:name: game-demo
# 指定cm资源的数据
data:# 类属性键;每一个键都映射到一个简单的值,对应的键值对。player_initial_lives: "3"ui_properties_file_name: "user-interface.properties"school: oldboyeduclass: linux94# 类文件键,对应的是多行数据,注意缩进格式game.properties: | # |表示换行,一行写不下enemy.types=aliens,monstersplayer.maximum-lives=5 user-interface.properties: |color.good=purplecolor.bad=yellowallow.textmode=true my.cnf: |[mysqld]datadir=/var/lib/mysqlbasedir=/usr/local/mysqlsocket=/tpm/mysql.sockskip-name-resolve=1port=3306[client]username=adminpassword=oldboyedu 创建
root@ubuntu0:~/manifests/configmap# kubectl apply -f 01-cm-demo.yaml
configmap/game-demo created查看
root@ubuntu0:~/manifests/configmap# kubectl get cm
NAME DATA AGE
game-demo 7 29s
kube-root-ca.crt 1 23d
root@ubuntu0:~/manifests/configmap# kubectl get cm game-demo
NAME DATA AGE
game-demo 7 33s #7代表有七个键值对删除
root@ubuntu0:~/manifests/configmap# kubectl delete -f 01-cm-demo.yaml
configmap "game-demo" deleted响应式创建
root@ubuntu0:~/manifests/configmap# kubectl create configmap xp --from-literal=school=oldboyedu --from-literal=class=linux94
configmap/xp created
root@ubuntu0:~/manifests/configmap# kubectl get cm
NAME DATA AGE
kube-root-ca.crt 1 23d
xp 2 6s
root@ubuntu0:~/manifests/configmap# kubectl get cm xp
NAME DATA AGE
xp 2 8sroot@ubuntu0:~/manifests/configmap# kubectl describe cm xp
Name: xp
Namespace: default
Labels: <none>
Annotations: <none>Data
====
class:
----
linux94
school:
----
oldboyeduBinaryData
====Events: <none>基于配置文件创建cm[root@master231 configmaps]# ll /root/kube-flannel.yml
-rw-r--r-- 1 root root 4406 Nov 15 17:40 /root/kube-flannel.yml
[root@master231 configmaps]#
[root@master231 configmaps]# kubectl create configmap oldboyedu-cni --from-file=cni.yml=/root/kube-flannel.yml
configmap/oldboyedu-cni created3.3 查看cm资源
[root@master231 configmaps]# kubectl get cm oldboyedu-cni
NAME DATA AGE
oldboyedu-cni 1 8s
[root@master231 configmaps]#
[root@master231 configmaps]# kubectl describe cm oldboyedu-cni
[root@master231 configmaps]#
[root@master231 configmaps]# kubectl get cm oldboyedu-cni -o yaml
[root@master231 configmaps]#
[root@master231 configmaps]# kubectl get cm oldboyedu-cni -o json3.3 删除cm资源
[root@master231 configmaps]# kubectl get cm
NAME DATA AGE
kube-root-ca.crt 1 4d16h
oldboyedu-cni 1 2m27s
oldboyedu-linux94 2 4m38s
[root@master231 configmaps]#
[root@master231 configmaps]# kubectl delete cm oldboyedu-cni
configmap "oldboyedu-cni" deleted
[root@master231 configmaps]#
[root@master231 configmaps]# kubectl get cm
NAME DATA AGE
kube-root-ca.crt 1 4d16h
oldboyedu-linux94 2 5m9s
[root@master231 configmaps]# root@ubuntu0:~/manifests/configmap# kubectl get cm xp -o yaml
apiVersion: v1
data:class: linux94school: oldboyedu
kind: ConfigMap
metadata:creationTimestamp: "2025-05-02T10:49:39Z"name: xpnamespace: defaultresourceVersion: "670826"uid: b129e625-7733-4b80-9d9f-55227b473f51那如何在声明式中引用这个key:vlaue呢
root@ubuntu0:~/manifests/configmap# cat 01-cm-demo.yaml
apiVersion: v1
kind: ReplicationController
metadata:name: xp-configmap
spec:replicas: 1selector:apps: v1template:metadata:labels:apps: v1spec:nodeName: ubuntu1containers:- name: xiuxian-v1image: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1env:- name: SCHOOL# 指定值从哪里来,一点定义了valueFrom字段,则不能定义value字段。# 换句话说,定义了valueFrom字段,则value字段必须为空,省略不写!valueFrom:# 表示数据从一个cm资源引用configMapKeyRef:# 指定cm的名称name: "xp"# 指定引用cm的KEYkey: "school"- name: CLassvalueFrom:configMapKeyRef:name: "xp"key: "class"
root@ubuntu0:~/manifests/configmap# kubectl apply -f 01-cm-demo.yaml
replicationcontroller/xp-configmap created
root@ubuntu0:~/manifests/configmap# kubectl exec -it xp-configmap-vvtch -- env|grep -Ei 'school|class'
SCHOOL=oldboyedu
CLass=linux94Pod基于存储卷引用cm资源
root@ubuntu0:~/manifests/configmap# cat 02-rc-configmaps-volumes.yaml
apiVersion: v1
kind: ReplicationController
metadata:name: xpxp
spec:replicas: 1selector: apps: xpxp-v1template:metadata:labels:apps: xpxp-v1spec:nodeName: ubuntu1volumes:- name: data# 指定存储卷类型是cm资源configMap:# 指定cm的名称name: "xp"# 定义需要引用具体的KEY,若不定义,则默认引用所有的KEYitems:# 表示引用指定的KEY- key: school # 可以暂时理解为将来的文件名称path: school.txtcontainers:- name: nginximage: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1volumeMounts:- name: datamountPath: /oldboyeduroot@ubuntu0:~/manifests/configmap# kubectl apply -f 02-rc-configmaps-volumes.yaml
replicationcontroller/xpxp created
root@ubuntu0:~/manifests/configmap# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
xpxp-25pwf 1/1 Running 0 25m 10.100.2.19 ubuntu1 <none> <none>
root@ubuntu0:~/manifests/configmap# kubectl exec xpxp-25pwf -- ls /oldboyedu
school.txt
root@ubuntu0:~/manifests/configmap# kubectl exec xpxp-25pwf -- more /oldboyedu/school.txt
oldboyeduroot@ubuntu0:~/manifests/configmap# 将"registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1"镜像的80端口修改为81端口,要求在不重新打镜像的情况下,使用cm存储卷的方式挂载。1.找到nginx的配置文件
root@ubuntu0:~/manifests/configmap# kubectl exec -it xp-configmap-pgc6z -- sh
/ # vi /etc/nginx/nginx.conf
/ # ls /etc/nginx/conf.d/default.conf
/etc/nginx/conf.d/default.conf
/ # vi /etc/nginx/conf.d/default.conf
server { listen 80; listen [::]:80; server_name localhost; location / { root /usr/share/nginx/html;index index.html index.htm; } error_page 500 502 503 504 /50x.html;location = /50x.html { root /usr/share/nginx/html; } }
2.编写资源清单root@ubuntu0:~/manifests/configmap# cat 02-rc-configmaps-volumes.yaml
apiVersion: v1
kind: ConfigMap
metadata:name: game-cm
data:port.conf: |server { listen 81; listen [::]:81; server_name localhost; location / { root /usr/share/nginx/html;index index.html index.htm; } error_page 500 502 503 504 /50x.html;location = /50x.html { root /usr/share/nginx/html; } }
---
apiVersion: v1
kind: ReplicationController
metadata:name: xiuxian-cm
spec:replicas: 1selector: apps: xpxp-v1template:metadata:labels:apps: xpxp-v1spec:nodeName: ubuntu1volumes:- name: data# 指定存储卷类型是cm资源configMap:# 指定cm的名称name: "game-cm"# 定义需要引用具体的KEY,若不定义,则默认引用所有的KEYitems:# 表示引用指定的KEY- key: port.conf# 可以暂时理解为将来的文件名称path: default.confcontainers:- name: nginximage: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1volumeMounts:- name: datamountPath: /etc/nginx/conf.d/
---
apiVersion: v1
kind: Service
metadata:name: svc-mysql
spec:type: NodePortselector:apps: xpxp-v1ports:- port: 80targetPort: 81nodePort: 30081
root@ubuntu0:~/manifests/configmap# kubectl apply -f 02-rc-configmaps-volumes.yaml
configmap/game-cm created
replicationcontroller/xiuxian-cm created
service/svc-mysql created
root@ubuntu0:~/manifests/configmap# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
xiuxian-cm-b52m2 1/1 Running 0 7s 10.100.2.21 ubuntu1 <none> <none>
root@ubuntu0:~/manifests/configmap# kubectl describe svc
kubernetes svc-mysql
root@ubuntu0:~/manifests/configmap# kubectl describe svc svc-mysql
Name: svc-mysql
Namespace: default
Labels: <none>
Annotations: <none>
Selector: apps=xpxp-v1
Type: NodePort
IP Family Policy: SingleStack
IP Families: IPv4
IP: 192.168.116.228
IPs: 192.168.116.228
Port: <unset> 80/TCP
TargetPort: 81/TCP
NodePort: <unset> 30081/TCP
Endpoints: 10.100.2.21:81
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
root@ubuntu0:~/manifests/configmap# curl 10.100.2.21:81
<!DOCTYPE html>
<html><head><meta charset="utf-8"/><title>yinzhengjie apps v1</title><style>div img {width: 900px;height: 600px;margin: 0;}</style></head><body><h1 style="color: green">凡人修仙传 v1 </h1><div><img src="1.jpg"><div></body></html>在进入容器内,已经发生改变了
root@ubuntu0:~/manifests/configmap# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
xiuxian-cm-b52m2 1/1 Running 0 2m38s 10.100.2.21 ubuntu1 <none> <none>
root@ubuntu0:~/manifests/configmap# kubectl exec -it xiuxian-cm-b52m2 -- sh
/ # cat /etc/nginx/conf.d/default.conf
server { listen 81; listen [::]:81; server_name localhost; location / { root /usr/share/nginx/html;index index.html index.htm; } error_page 500 502 503 504 /50x.html;location = /50x.html { root /usr/share/nginx/html; } } kubectl logs查看Pod日志
1.实时查看日志
[root@master231 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
oldboyedu-xiuxian-cm-844zl 1/1 Running 0 4m47s 10.100.1.55 worker232 <none> <none>
[root@master231 ~]#
[root@master231 ~]# kubectl logs -f oldboyedu-xiuxian-cm-844zl
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: can not modify /etc/nginx/conf.d/default.conf (read-only file system?)
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2024/11/20 03:10:00 [notice] 1#1: using the "epoll" event method
2024/11/20 03:10:00 [notice] 1#1: nginx/1.20.1
2024/11/20 03:10:00 [notice] 1#1: built by gcc 10.2.1 20201203 (Alpine 10.2.1_pre1)
2024/11/20 03:10:00 [notice] 1#1: OS: Linux 5.15.0-119-generic
2024/11/20 03:10:00 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 524288:524288
2024/11/20 03:10:00 [notice] 1#1: start worker processes
2024/11/20 03:10:00 [notice] 1#1: start worker process 23
2024/11/20 03:10:00 [notice] 1#1: start worker process 24
10.100.0.0 - - [20/Nov/2024:03:10:08 +0000] "GET / HTTP/1.1" 200 357 "-" "curl/7.81.0" "-"
10.100.0.0 - - [20/Nov/2024:03:10:13 +0000] "GET / HTTP/1.1" 200 357 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" "-"
10.100.0.0 - - [20/Nov/2024:03:10:13 +0000] "GET /1.jpg HTTP/1.1" 200 233472 "http://10.0.0.231:30080/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" "-"
2024/11/20 03:10:13 [error] 24#24: *2 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 10.100.0.0, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "10.0.0.231:30080", referrer: "http://10.0.0.231:30080/"
10.100.0.0 - - [20/Nov/2024:03:10:13 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://10.0.0.231:30080/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36" "-"2.查看最近5min的日志
[root@master231 ~]# kubectl logs -f --since=5m oldboyedu-xiuxian-cm-844zl
2024/11/20 03:16:22 [error] 24#24: *4 open() "/usr/share/nginx/html/oldboyedu.html" failed (2: No such file or directory), client: 10.100.0.0, server: localhost, request: "GET /oldboyedu.html HTTP/1.1", host: "10.100.1.55:81"
10.100.0.0 - - [20/Nov/2024:03:16:22 +0000] "GET /oldboyedu.html HTTP/1.1" 404 153 "-" "curl/7.81.0" "-"3.查看指定容器的日志(一般情况下是一个Pod有多个容器时才会使用)
[root@master231 ~]# kubectl logs -c c1 -f --since=5m oldboyedu-xiuxian-cm-844zl
2024/11/20 03:16:22 [error] 24#24: *4 open() "/usr/share/nginx/html/oldboyedu.html" failed (2: No such file or directory), client: 10.100.0.0, server: localhost, request: "GET /oldboyedu.html HTTP/1.1", host: "10.100.1.55:81"
10.100.0.0 - - [20/Nov/2024:03:16:22 +0000] "GET /oldboyedu.html HTTP/1.1" 404 153 "-" "curl/7.81.0" "-"
cm资源存储nginx主配置文件值subPath案例
root@ubuntu0:~/manifests/configmap# cat 02-rc-configmaps-volumes.yaml
apiVersion: v1
kind: ConfigMap
metadata:name: game-cm
data:main.conf: |user nginx;worker_processes auto;error_log /var/log/nginx/error.log notice;pid /var/run/nginx.pid;events {worker_connections 1024;}http {include /etc/nginx/mime.types;default_type application/octet-stream;log_format oldboyedu_nginx_json '{"@timestamp":"$time_iso8601",''"host":"$server_addr",''"clientip":"$remote_addr",''"SendBytes":$body_bytes_sent,''"responsetime":$request_time,''"upstreamtime":"$upstream_response_time",''"upstreamhost":"$upstream_addr",''"http_host":"$host",''"uri":"$uri",''"domain":"$host",''"xff":"$http_x_forwarded_for",''"referer":"$http_referer",''"tcp_xff":"$proxy_protocol_addr",''"http_user_agent":"$http_user_agent",''"status":"$status"}';access_log /var/log/nginx/access.log oldboyedu_nginx_json;sendfile on;keepalive_timeout 65;include /etc/nginx/conf.d/*.conf;}port.conf: |server { listen 81; listen [::]:81; server_name localhost; location / { root /usr/share/nginx/html;index index.html index.htm; } error_page 500 502 503 504 /50x.html;location = /50x.html { root /usr/share/nginx/html; } }
---
apiVersion: v1
kind: ReplicationController
metadata:name: xiuxian-cm
spec:replicas: 1selector: apps: xpxp-v1template:metadata:labels:apps: xpxp-v1spec:nodeName: ubuntu1volumes:- name: data# 指定存储卷类型是cm资源configMap:# 指定cm的名称name: "game-cm"# 定义需要引用具体的KEY,若不定义,则默认引用所有的KEYitems:# 表示引用指定的KEY- key: port.conf# 可以暂时理解为将来的文件名称path: default.conf- name: data1configMap:name: "game-cm"items:- key: main.confpath: nginx.conf containers:- name: nginximage: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1volumeMounts:- name: datamountPath: /etc/nginx/conf.d/- name: data1mountPath: /etc/nginx/nginx.conf# 当subPath的值和cm的items的path值相同时,则mountPath表示的是文件而不是目录subPath: nginx.conf
---
apiVersion: v1
kind: Service
metadata:name: svc-mysql
spec:type: NodePortselector:apps: xpxp-v1ports:- port: 80targetPort: 81nodePort: 30081root@ubuntu0:~/manifests/configmap# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
xiuxian-cm-8q45n 1/1 Running 0 7s 10.100.2.22 ubuntu1 <none> <none>
root@ubuntu0:~/manifests/configmap# curl 10.100.2.22:81
<!DOCTYPE html>
<html><head><meta charset="utf-8"/><title>yinzhengjie apps v1</title><style>div img {width: 900px;height: 600px;margin: 0;}</style></head><body><h1 style="color: green">凡人修仙传 v1 </h1><div><img src="1.jpg"><div></body></html>k8s部署mysql主从
root@ubuntu0:~/manifests/ReplicationController# cat 05-nfs-mysql.yaml
apiVersion: v1
kind: ConfigMap
metadata:name: game-demo
# 指定cm资源的数据
data:master.cnf: |[mysqld]# 二进制日志log-bin=mysqllog-binserver_id=111skip-host-cacheskip-name-resolvedatadir=/var/lib/mysqlsocket=/var/run/mysqld/mysqld.socksecure-file-priv=/var/lib/mysql-filesuser=mysqlpid-file=/var/run/mysqld/mysqld.pid[client]socket=/var/run/mysqld/mysqld.sock !includedir /etc/mysql/conf.d/slave.cnf: |[mysqld]log-bin=mysqllog-binserver_id=222skip-host-cacheskip-name-resolvedatadir=/var/lib/mysqlsocket=/var/run/mysqld/mysqld.socksecure-file-priv=/var/lib/mysql-filesuser=mysqlpid-file=/var/run/mysqld/mysqld.pid[client]socket=/var/run/mysqld/mysqld.sock !includedir /etc/mysql/conf.d/
---
apiVersion: v1
kind: ReplicationController
metadata:name: mysql-master
spec:replicas: 1selector:apps: v1 template:spec:nodeName: ubuntu1volumes:- name: datanfs:server: ubuntu0path: /oldboyedu/data/nfs-server/master-lib - name: data1configMap:name: "game-demo"items:- key: master.cnfpath: my.cnf containers:- name: mysql-v1image: mysql:5.7.29ports:- containerPort: 3306name: mysqlportenv:- name: MYSQL_ALLOW_EMPTY_PASSWORDvalue: "yes"- name: MYSQL_USERvalue: linux94- name: MYSQL_PASSWORDvalue: 'oldboyedu'volumeMounts:- name: datamountPath: /var/lib/mysql- name: data1mountPath: /etc/my.cnfsubPath: my.cnfargs:- --character-set-server=utf8- --collation-server=utf8_bin- --default-authentication-plugin=mysql_native_passwordmetadata:labels:apps: v1
---
apiVersion: v1
kind: Service
metadata:name: svc-mysql
spec:selector:apps: v1ports:- port: 3306 name: mysqlport
---apiVersion: v1
kind: ReplicationController
metadata:name: mysql-slave
spec:replicas: 1selector:apps: v2template:spec:nodeName: ubuntu1volumes:- name: datanfs:server: ubuntu0path: /oldboyedu/data/nfs-server/slave-lib - name: data1configMap:name: "game-demo"items:- key: slave.cnfpath: my.cnf containers:- name: mysql-v2image: mysql:5.7.29env:- name: MYSQL_ALLOW_EMPTY_PASSWORDvalue: "yes"- name: MYSQL_MASTER_HOSTvalue: 'svc-mysql'ports:- containerPort: 3306volumeMounts:- name: datamountPath: /var/lib/mysql- name: data1mountPath: /etc/my.cnfsubPath: my.cnfmetadata:labels:apps: v2
---
apiVersion: v1
kind: Service
metadata:name: svc-slave
spec:selector:apps: v2ports:- port: 3306进入主数据库查看
root@ubuntu0:~/manifests/ReplicationController# kubectl exec -it mysql-master-4zxp6 -- mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.7.29-log MySQL Community Server (GPL)Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.授权用户访问
mysql> GRANT Replication slave ON *.* TO linux94;
Query OK, 0 rows affected (0.00 sec)mysql> SHOW MASTER STATUS\G
*************************** 1. row ***************************File: mysqllog-bin.000004Position: 353Binlog_Do_DB: Binlog_Ignore_DB:
Executed_Gtid_Set:
1 row in set (0.00 sec)mysql> SHOW GRANTS FOR linux94;
+-------------------------------------------------+
| Grants for linux94@% |
+-------------------------------------------------+
| GRANT REPLICATION SLAVE ON *.* TO 'linux94'@'%' |
+-------------------------------------------------+从库配置
mysql> CHANGE MASTER TO MASTER_HOST='svc-mysql',MASTER_USER='linux94',MASTER_PASSWORD='oldboyedu',MASTER_PORT=3306,MASTER_LOG_FILE='mysqllog-bin.000004',MASTER_LOG_POS=353,MASTER_CONNECT_RETRY=3;
Query OK, 0 rows affected, 2 warnings (0.04 sec)mysql> STOP SLAVE;
Query OK, 0 rows affected, 1 warning (0.00 sec)mysql> START SLAVE;
Query OK, 0 rows affected (0.00 sec)mysql> SHOW SLAVE STATUS\G
*************************** 1. row ***************************Slave_IO_State: Waiting for master to send eventMaster_Host: svc-mysqlMaster_User: linux94Master_Port: 3306Connect_Retry: 3Master_Log_File: mysqllog-bin.000004Read_Master_Log_Pos: 353Relay_Log_File: mysql-slave-2pgsd-relay-bin.000002Relay_Log_Pos: 323Relay_Master_Log_File: mysqllog-bin.000004Slave_IO_Running: YesSlave_SQL_Running: Yessecret概述
与ConfigMap类似,区别在于secret存储敏感数据,所有的数据都需要经过base64进行编码。
使用secret主要存储的是凭据信息。参考链接:https://kubernetes.io/zh/docs/concepts/configuration/secret/#secret-typessecret资源声明式两种创建方式2.1 方式一: 基于stringData方式(推荐)
root@ubuntu0:~/manifests/secret# cat 01-secrets-stringData.yaml
apiVersion: v1
kind: Secret
metadata:name: user-info
stringData:username: adminpassword: "1"my.cnf: |[mysqld]basedir=/oldboyedu/softwares/mysql80port=3306datadir=/oldboyedu/data/mysql80socket=/tmp/mysql80.sock
root@ubuntu0:~/manifests/secret# kubectl apply -f 01-secrets-stringData.yaml
secret/user-info created
root@ubuntu0:~/manifests/secret# kubectl get secrets -o wideNAME TYPE DATA AGE
default-token-hszqs kubernetes.io/service-account-token 3 26d
user-info Opaque 3 7s
root@ubuntu0:~/manifests/secret# kubectl get secrets -o wide user-info
NAME TYPE DATA AGE
user-info Opaque 3 46s
root@ubuntu0:~/manifests/secret# kubectl describe secrets user-info
Name: user-info
Namespace: default
Labels: <none>
Annotations: <none>Type: OpaqueData
====
my.cnf: 113 bytes
password: 1 bytes
username: 5 bytes
root@ubuntu0:~/manifests/secret# kubectl get secrets user-info -o yaml
apiVersion: v1
data:my.cnf: W215c3FsZF0KYmFzZWRpcj0vb2xkYm95ZWR1L3NvZnR3YXJlcy9teXNxbDgwCnBvcnQ9MzMwNgpkYXRhZGlyPS9vbGRib3llZHUvZGF0YS9teXNxbDgwCnNvY2tldD0vdG1wL215c3FsODAuc29jawo=password: MQ==username: YWRtaW4=
kind: Secret
metadata:annotations:kubectl.kubernetes.io/last-applied-configuration: |{"apiVersion":"v1","kind":"Secret","metadata":{"annotations":{},"name":"user-info","namespace":"default"},"stringData":{"my.cnf":"[mysqld]\nbasedir=/oldboyedu/softwares/mysql80\nport=3306\ndatadir=/oldboyedu/data/mysql80\nsocket=/tmp/mysql80.sock\n","password":"1","username":"admin"}}creationTimestamp: "2025-05-05T02:16:24Z"name: user-infonamespace: defaultresourceVersion: "815355"uid: 90653274-1030-4208-a555-032c6484029f
type: Opaque解密:
root@ubuntu0:~/manifests/secret# echo 'W215c3FsZF0KYmFzZWRpcj0vb2xkYm95ZWR1L3NvZnR3YXJlcy9teXNxbDgwCnBvcnQ9MzMwNgpkYXRhZGlyPS9vbGRib3llZHUvZGF0YS9teXNxbDgwCnNvY2tldD0vdG1wL215c3FsO
DAuc29jawo='|base64 -d
[mysqld]
basedir=/oldboyedu/softwares/mysql80
port=3306
datadir=/oldboyedu/data/mysql80
socket=/tmp/mysql80.sock
root@ubuntu0:~/manifests/secret# echo 'MQ=='|base64 -d
1root@ubuntu0:~/manifests/secret# echo 'MQ=='|base64 -d|more
1方式二: 基于方式(不推荐,编写时容易出错)
root@ubuntu0:~/manifests/secret# echo linux94 | base64
bGludXg5NAo=
root@ubuntu0:~/manifests/secret# echo oldboyedu | base64
b2xkYm95ZWR1Cg==
root@ubuntu0:~/manifests/secret# cat 02-secrets-data.yaml
apiVersion: v1
kind: Secret
metadata:name: admin
data:# KEY无需做任何操作,VALUE进行BASE64手动编码username: bGludXg5NAo=password: b2xkYm95ZWR1Cg==
root@ubuntu0:~/manifests/secret# echo linux94 | base64
bGludXg5NAo=
root@ubuntu0:~/manifests/secret# echo oldboyedu | base64
b2xkYm95ZWR1Cg==
root@ubuntu0:~/manifests/secret# cat 02-secrets-data.yaml
apiVersion: v1
kind: Secret
metadata:name: admin
data:# KEY无需做任何操作,VALUE进行BASE64手动编码username: bGludXg5NAo=password: b2xkYm95ZWR1Cg==
root@ubuntu0:~/manifests/secret# kubectl apply -f 02-secrets-data.yaml
secret/admin created
root@ubuntu0:~/manifests/secret# kubectl get secrets admin
NAME TYPE DATA AGE
admin Opaque 2 6s
root@ubuntu0:~/manifests/secret# kubectl get secrets admin -o yaml
apiVersion: v1
data:password: b2xkYm95ZWR1Cg==username: bGludXg5NAo=
kind: Secret
metadata:annotations:kubectl.kubernetes.io/last-applied-configuration: |{"apiVersion":"v1","data":{"password":"b2xkYm95ZWR1Cg==","username":"bGludXg5NAo="},"kind":"Secret","metadata":{"annotations":{},"name":"admin","namespace":"default"}}creationTimestamp: "2025-05-05T02:21:09Z"name: adminnamespace: defaultresourceVersion: "815756"uid: 4e62f0f6-1940-43f7-b81c-16278cda898d
type: Opaque响应式创建secrets常用选项
root@ubuntu0:~/manifests/secret# kubectl create secret generic test01 --from-literal=SCHOOL=oldboyedu --from-literal=class=linux94
secret/test01 created
root@ubuntu0:~/manifests/secret# kubectl create secret generic test02 --from-file=stringData=01-secrets-stringData.yaml --from-file=Data=02-secrets-data.yaml
secret/test02 created
root@ubuntu0:~/manifests/secret# kubectl get secrets test01 test02
NAME TYPE DATA AGE
test01 Opaque 2 20s
test02 Opaque 2 9s
root@ubuntu0:~/manifests/secret# kubectl get secrets test01 test02 -o yaml
apiVersion: v1
items:
- apiVersion: v1data:SCHOOL: b2xkYm95ZWR1class: bGludXg5NA==kind: Secretmetadata:creationTimestamp: "2025-05-05T02:39:39Z"name: test01namespace: defaultresourceVersion: "817317"uid: 9255edec-24db-4490-a8b3-d0951b21c470type: Opaque
- apiVersion: v1data:Data: YXBpVmVyc2lvbjogdjEKa2luZDogU2VjcmV0Cm1ldGFkYXRhOgogIG5hbWU6IGFkbWluCmRhdGE6CiAgIyBLRVnml6DpnIDlgZrku7vkvZXmk43kvZzvvIxWQUxVRei/m+ihjEJBU0U2NOaJi+WKqOe8lueggQogIHVzZXJuYW1lOiBiR2x1ZFhnNU5Bbz0KICBwYXNzd29yZDogYjJ4a1ltOTVaV1IxQ2c9PQo=stringData: YXBpVmVyc2lvbjogdjEKa2luZDogU2VjcmV0Cm1ldGFkYXRhOgogIG5hbWU6IHVzZXItaW5mbwpzdHJpbmdEYXRhOgogIHVzZXJuYW1lOiBhZG1pbgogIHBhc3N3b3JkOiAiMSIKCiAgbXkuY25mOiB8CiAgICBbbXlzcWxkXQogICAgYmFzZWRpcj0vb2xkYm95ZWR1L3NvZnR3YXJlcy9teXNxbDgwCiAgICBwb3J0PTMzMDYKICAgIGRhdGFkaXI9L29sZGJveWVkdS9kYXRhL215c3FsODAKICAgIHNvY2tldD0vdG1wL215c3FsODAuc29jawo=kind: Secretmetadata:creationTimestamp: "2025-05-05T02:39:50Z"name: test02namespace: defaultresourceVersion: "817332"uid: b1476fdd-5182-426d-a784-7ee5b16342c1type: Opaque
kind: List
metadata:resourceVersion: ""selfLink: ""
root@ubuntu0:~/manifests/secret# kubectl delete secrets test01 test02
secret "test01" deleted
secret "test02" deletedPod引用secrets的两种方式
基于环境变量引入1.先查看一下user-info的变量
root@ubuntu0:~/manifests/secret# kubectl get secrets user-info
NAME TYPE DATA AGE
user-info Opaque 3 4d21h
root@ubuntu0:~/manifests/secret# kubectl get secrets user-info -o yaml
apiVersion: v1
data:my.cnf: W215c3FsZF0KYmFzZWRpcj0vb2xkYm95ZWR1L3NvZnR3YXJlcy9teXNxbDgwCnBvcnQ9MzMwNgpkYXRhZGlyPS9vbGRib3llZHUvZGF0YS9teXNxbDgwCnNvY2tldD0vdG1wL215c3FsODAuc29jawo=password: MQ==username: YWRtaW4=
kind: Secret2.基于环境变量引入root@ubuntu0:~/manifests/secret# cat 04-secret-env.yaml
apiVersion: v1
kind: ReplicationController
metadata:name: secret-env
spec:replicas: 1selector:apps: v1template:metadata:labels:apps: v1spec:nodeName: ubuntu1containers:- name: xpimage: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1env:- name: env_usernamevalueFrom:#表示值从一个secrets资源中引用secretKeyRef:# 指定secrets资源的名称name: user-info# 引用secrets的keykey: username- name: env_mycnfvalueFrom:#表示值从一个secrets资源中引用secretKeyRef:# 指定secrets资源的名称name: user-info# 引用secrets的keykey: my.cnf
root@ubuntu0:~/manifests/secret# kubectl apply -f 04-secret-env.yaml
replicationcontroller/secret-env created
root@ubuntu0:~/manifests/secret# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
mysql-master-4zxp6 1/1 Running 0 5d 10.100.2.30 ubuntu1 <none> <none>
mysql-slave-2pgsd 1/1 Running 0 5d 10.100.2.29 ubuntu1 <none> <none>
secret-env-78xjs 1/1 Running 0 29s 10.100.2.32 ubuntu1 <none> <none>
查看环境变量,他会自动的解密
root@ubuntu0:~/manifests/secret# kubectl exec -it secret-env-78xjs -- env
env_username=admin
env_mycnf=[mysqld]
basedir=/oldboyedu/softwares/mysql80
port=3306
datadir=/oldboyedu/data/mysql80
socket=/tmp/mysql80.sock基于存储卷的方式引用
root@ubuntu0:~/manifests/secret# cat 03-secret.yaml
apiVersion: v1
kind: ReplicationController
metadata:name: oldboyedu-rc-nfs-v1
spec:replicas: 1selector:apps: v1template:metadata:labels:apps: v1spec:nodeName: ubuntu1volumes:- name: data#表示存储卷的类型是secretsecret: # 指定secret的名称secretName: user-info# 指定要引用的键值对items:# 指定secrets的KEY - key: username# 暂时理解为将来在Pod容器挂载时的文件名称path: username.txt- key: passwordpath: password.txt- key: my.cnfpath: my.cnfcontainers:- name: nginximage: registry.cn-hangzhou.aliyuncs.com/yinzhengjie-k8s/apps:v1 volumeMounts:- name: datamountPath: /oldboyeduroot@ubuntu0:~/manifests/secret# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
mysql-master-4zxp6 1/1 Running 0 5d 10.100.2.30 ubuntu1 <none> <none>
mysql-slave-2pgsd 1/1 Running 0 5d 10.100.2.29 ubuntu1 <none> <none>
oldboyedu-rc-nfs-v1-5cx5d 1/1 Running 0 8s 10.100.2.33 ubuntu1 <none> <none>
root@ubuntu0:~/manifests/secret# kubectl exec -it oldboyedu-rc-nfs-v1-5cx5d -- sh
/ # ls -l /oldboyedu/
total 0
lrwxrwxrwx 1 root root 13 May 10 00:42 my.cnf -> ..data/my.cnf
lrwxrwxrwx 1 root root 19 May 10 00:42 password.txt -> ..data/password.txt
lrwxrwxrwx 1 root root 19 May 10 00:42 username.txt -> ..data/username.txt
/ # cat /oldboyedu/my.cnf
[mysqld]
basedir=/oldboyedu/softwares/mysql80
port=3306
datadir=/oldboyedu/data/mysql80
socket=/tmp/mysql80.sock基于响应式secret实现harbor登录认证案例
1.响应式创建harbor的认证信息
[root@master231 case-demo]# kubectl create secret docker-registry oldboyedu-harbor --docker-username=admin --docker-password=1 --docker-email=admin@oldboyedu.com --docker-server=harbor.oldboyedu.com
secret/oldboyedu-harbor created
[root@master231 case-demo]# kubectl get secrets oldboyedu-harbor
NAME TYPE DATA AGE
oldboyedu-harbor kubernetes.io/dockerconfigjson 1 9s2.创建测试
[root@master231 case-demo]# cat 16-rc-secrets-private-harbor-registry.yaml
apiVersion: v1
kind: ReplicationController
metadata:name: oldboyedu-private-harbor
spec:replicas: 3selector:apps: linuxtemplate:spec:# 镜像拉取的认证凭据imagePullSecrets:# 指定访问harbor的认证信息- name: oldboyedu-harborcontainers:- name: c1image: harbor.oldboyedu.com/oldboyedu-linux/alpine:latestimagePullPolicy: Alwaysstdin: truemetadata:labels:apps: linux
[root@master231 case-demo]#
[root@master231 case-demo]# kubectl apply -f 16-rc-secrets-private-harbor-registry.yaml
replicationcontroller/oldboyedu-private-harbor created
[root@master231 case-demo]#
[root@master231 case-demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
oldboyedu-private-harbor-f7hmj 1/1 Running 0 4s 10.100.1.64 worker232 <none> <none>
oldboyedu-private-harbor-gkmtm 1/1 Running 0 4s 10.100.2.120 worker233 <none> <none>
oldboyedu-private-harbor-pmf5q 1/1 Running 0 4s 10.100.2.119 worker233 <none> <none>
[root@master231 case-demo]# 基于声明式secret实现harbor登录认证案例
1.harbor创建用户名和密码 用户名称: linux94 密码: Linux@2024邮箱: linux94@oldboyedu.com 2.对认证信息进行base64编码[root@master231 case-demo]# echo -n linux94:Linux@2024 | base64 bGludXg5NDpMaW51eEAyMDI0[root@master231 case-demo]#
3.得到最终的认证信息:{"auths":{"harbor.oldboyedu.com":{"username":"linux94","password":"Linux@2024","email":"linux94@oldboyedu.com","auth":"bGludXg5NDpMaW51eEAyMDI0"}}} 4.编写资源清单
[root@master231 case-demo]# cat 16-rc-secrets-private-harbor-registry.yaml
apiVersion: v1
kind: Secret
metadata:name: linux94-harbor
stringData:.dockerconfigjson: '{"auths":{"harbor.oldboyedu.com":{"username":"linux94","password":"Linux@2024","email":"linux94@oldboyedu.com","auth":"bGludXg5NDpMaW51eEAyMDI0"}}}'
type: kubernetes.io/dockerconfigjson---apiVersion: v1
kind: ReplicationController
metadata:name: oldboyedu-private-harbor
spec:replicas: 3selector:apps: linuxtemplate:spec:# 镜像拉取的认证凭据imagePullSecrets:# 指定访问harbor的认证信息- name: linux94-harborcontainers:- name: c1image: harbor.oldboyedu.com/oldboyedu-linux/alpine:latestimagePullPolicy: Alwaysstdin: truemetadata:labels:apps: linux
[root@master231 case-demo]#
[root@master231 case-demo]# kubectl apply -f 16-rc-secrets-private-harbor-registry.yaml
secret/linux94-harbor created
replicationcontroller/oldboyedu-private-harbor created
[root@master231 case-demo]#
[root@master231 case-demo]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
oldboyedu-private-harbor-6kf6t 1/1 Running 0 3s 10.100.2.124 worker233 <none> <none>
oldboyedu-private-harbor-prqnv 1/1 Running 0 3s 10.100.2.125 worker233 <none> <none>
oldboyedu-private-harbor-tcp27 1/1 Running 0 3s 10.100.1.68 worker232 <none> <none>
[root@master231 case-demo]#
基于serviceaccounts绑定secret实现harbor认证
root@ubuntu0:/oldboyedu/softwares/harbor# kubectl api-resources |grep -w sa
serviceaccounts sa v1 true ServiceAccount1.响应式创建账号
root@ubuntu0:/oldboyedu/softwares/harbor# kubectl create sa xixi
serviceaccount/xixi created
root@ubuntu0:/oldboyedu/softwares/harbor# kubectl get sa xixi
NAME SECRETS AGE
xixi 1 61s
root@ubuntu0:/oldboyedu/softwares/harbor# kubectl get sa xixi -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:creationTimestamp: "2025-05-18T12:03:44Z"name: xixinamespace: defaultresourceVersion: "1617334"uid: 8597121b-be87-4e33-a25b-d7f84a2fc43d
secrets:
- name: xixi-token-f4d9p2.查看账号后端的Image pull secrets
root@ubuntu0:/oldboyedu/softwares/harbor# kubectl describe sa xixi
Name: xixi
Namespace: default
Labels: <none>
Annotations: <none>
Image pull secrets: <none>
Mountable secrets: xixi-token-f4d9p
Tokens: xixi-token-f4d9p
Events: <none>
由于上面的镜像拉去策略为空,所以更新账号绑定的信息
[root@master231 serviceaccounts]# kubectl patch sa xixi -p '{"imagePullSecrets":[{"name":"oldboyedu-harbor"}]}'
serviceaccount/xixi patched
[root@master231 serviceaccounts]#
[root@master231 serviceaccounts]# kubectl describe sa xixi
Name: xixi
Namespace: default
Labels: <none>
Annotations: <none>
Image pull secrets: oldboyedu-harbor
Mountable secrets: xixi-token-nk9z4
Tokens: xixi-token-nk9z4
Events: <none>4.响应式更新账号的信息
[root@master231 serviceaccounts]# kubectl get secrets oldboyedu-harbor
NAME TYPE DATA AGE
oldboyedu-harbor kubernetes.io/dockerconfigjson 1 66m
[root@master231 serviceaccounts]#
[root@master231 serviceaccounts]# kubectl describe sa xixi
Name: xixi
Namespace: default
Labels: <none>
Annotations: <none>
Image pull secrets: <none>
Mountable secrets: xixi-token-nk9z4
Tokens: xixi-token-nk9z4
Events: <none>
[root@master231 serviceaccounts]#
[root@master231 serviceaccounts]# kubectl patch sa xixi -p '{"imagePullSecrets":[{"name":"oldboyedu-harbor"}]}'
serviceaccount/xixi patched
[root@master231 serviceaccounts]#
[root@master231 serviceaccounts]# kubectl describe sa xixi
Name: xixi
Namespace: default
Labels: <none>
Annotations: <none>
Image pull secrets: oldboyedu-harbor
Mountable secrets: xixi-token-nk9z4
Tokens: xixi-token-nk9z4
Events: <none>
[root@master231 serviceaccounts]# 5.Pod使用sa账号拉取镜像
[root@master231 case-demo]# cat 17-rc-secrets-sa-harbor.yaml
apiVersion: v1
kind: Secret
metadata:name: linux94-harbor
stringData:.dockerconfigjson: '{"auths":{"harbor.oldboyedu.com":{"username":"linux94","password":"Linux@2024","email":"linux94@oldboyedu.com","auth":"bGludXg5NDpMaW51eEAyMDI0"}}}'
type: kubernetes.io/dockerconfigjson---apiVersion: v1
# 将sa账号绑定secret的拉取镜像认证信息
imagePullSecrets:
- name: linux94-harbor
kind: ServiceAccount
metadata:name: linux94namespace: default---apiVersion: v1
kind: ReplicationController
metadata:name: oldboyedu-private-harbor
spec:replicas: 3selector:apps: linuxtemplate:spec:# 指定服务账号,基于该账号拉取镜像serviceAccount: linux94containers:- name: c1image: harbor.oldboyedu.com/oldboyedu-linux/alpine:latestimagePullPolicy: Alwaysstdin: truemetadata:labels:apps: linux
[root@master231 case-demo]#
pod创建流程
- Pod创建流程:Pod的创建,删除,修改流程:1.执行kubectl命令时会加载"~/.kube/config",从而识别到apiserver的地址,端口及认证证书;2.apiserver进行证书认证,鉴权,语法检查,若成功则可以进行数据的读取或者写入;3.若用户是写入操作(创建,修改,删除)则需要修改etcd数据库的信息;4.如果创建Pod,此时scheduler负责Pod调度,将Pod调度到合适的worker节点,并将结果返回给ApiServer存储到etcd中;5.kubelet组件会周期性上报给apiServer节点,包括Pod内的容器资源(cpu,memory,disk,gpu,...)及worker宿主机节点状态,apiServer并将结果存储到etcd中,若有该节点的任务也会直接返回给该节点进行调度;6.kubelet开始调用CRI接口创建容器(依次创建pause,initContainers,containers);7.在运行过程中,若Pod容器,正常或者异常退出时,kubelet会根据重启策略是否重启容器(Never,Always,OnFailure);8.若一个节点怪掉,则需要controller manager介入维护,比如Pod副本数量缺失,则需要创建watch事件,要求控制器的副本数要达到标准,从而要创建新的Pod,此过程重复步骤4-6。k8s部署jenkins
apiVersion: v1
kind: Namespace
metadata:name: devops---apiVersion: v1
kind: ReplicationController
metadata:name: oldboyedu-jenkinsnamespace: devops
spec:replicas: 1selector:apps: jenkinstemplate:spec:nodeName: worker233volumes:- name: datanfs:server: 10.0.0.231path: /oldboyedu/data/nfs-server/volumes/devops/jenkinscontainers:- name: c1# image: jenkins/jenkins:2.479.1-alpine-jdk21image: harbor.oldboyedu.com/oldboyedu-devops/jenkins:2.479.1-alpine-jdk21#command: #- tail#- -f#- /etc/hostsports:- containerPort: 8080volumeMounts:- name: datamountPath: /var/jenkins_home/metadata:labels:apps: jenkins---apiVersion: v1
kind: Service
metadata:name: svc-jenkinsnamespace: devops
spec:type: NodePortselector:apps: jenkinsports:- port: 8080nodePort: 30083
[root@master231 case-demo]# 3.温馨提示:- 在使用资源清单之前,应该先将Jenkins运行起来,安装常用的插件;- 再将/var/jenkins_home/数据拷贝到"/oldboyedu/data/nfs-server/volumes/devops/jenkins"中。
相关文章:
k8s4部署
configMap configmap概述:数据会存储在etcd数据库,其应用场景主要在应用程序的配置 configmap支持的类型(1)键值对(2)多行数据 pod使用configmap资源有两种常见的方式(1)变量注入&a…...
)
贝叶斯医学分析中“先验”的如何进行选择(文献解读)
贝叶斯医学分析中“先验”的如何进行选择(文献解读) 作者:Callum Taylor, Kathryn Puxty, Tara Quasim, Martin Shaw 文章标题:Understanding Bayesian analysis of clinical trials: an overview for clinicians 期刊名称&#x…...
【汇编逆向系列】七、函数调用包含多个参数之浮点型- XMM0-3寄存器
目录 1. 汇编代码 1.1 debug编译 1.2 release编译 2. 汇编分析 2.1 浮点参数传递规则 2.2 栈帧rsp的变化时序 2.3 参数的访问逻辑 2.4 返回值XMM0寄存器 3. 汇编转化 3.1 Debug编译 3.2 Release 编译 3.3 C语言转化 1. 汇编代码 上一节介绍了整型的函数传参&#x…...
【MySQL系列】MySQL 执行 SQL 文件
博客目录 一、MySQL 执行 SQL 文件的常见场景二、MySQL 执行 SQL 文件的主要方法1. 使用 MySQL 命令行客户端2. 在 MySQL 交互界面中使用 source 命令3. 使用 MySQL Workbench 等图形化工具4. 使用编程语言接口 三、执行 SQL 文件时的注意事项1. 字符集问题2. 事务处理3. 错误处…...
论文MR-SVD
每个像素 7 个 FLOPs意思: FLOPs(浮点运算次数):衡量算法计算复杂度的指标,数值越小表示运算越高效。含义:对图像中每个像素进行处理时,仅需执行7 次浮点运算(如加减乘除等…...
Java 日期时间类全面解析
Java 日期时间类全面解析:从传统到现代的演进 一、发展历程概览 二、传统日期类(Java 8前) 1. java.util.Date - 日期表示类 Date now new Date(); // 当前日期时间 System.out.println(now); // Wed May 15 09:30:45 CST 2023// 特定时间…...
【工具-Wireshark 抓包工具】
工具-Wireshark 抓包工具 ■ Wireshark 抓包工具■ 通过IP指定查看■■ ■ Wireshark 抓包工具 抓包工具】win 10 / win 11:WireShark 下载、安装、使用 Wireshark下载 阿里云镜像 ■ 通过IP指定查看 ■ ■...
Linux安全机制:从SELinux到Intel SGX的堡垒
Linux安全机制:从SELinux到Intel SGX的堡垒 数字世界的钢铁长城 引言:操作系统的"防御工事" 当服务器每天承受数百万次攻击尝试时,Linux内核的安全机制如同精密的防御系统,在纳秒级时间内做出响应。现代Linux安全架构已…...
设备驱动与文件系统:06 目录与文件
磁盘使用的最后一层抽象:文件系统 今天我们讲第31讲,这一讲将完成磁盘对磁盘使用的最后一层抽象。对此板使用最后一层抽象,抽象出来的是什么呢? 实际上我们使用过磁盘,大家应该有这样的认识,最后不管这个磁…...
算法的锁无实现及应用)
C++11 Token Bucket (令牌桶)算法的锁无实现及应用
Token Bucket(令牌桶)算法是一种在流量控制和资源分配领域被广泛应用的技术。它通过约束数据传输速率或任务执行频率,确保系统在资源有限的情况下,能够稳定、高效地运行,避免因突发流量或任务积压而导致的性能下降甚至…...
详细介绍uni-app中Composition API和Options API的使用方法
uni-app 中 Composition API 和 Options API 的使用方法详解 一、Options API(Vue 2.x 传统方式) 1. 基本结构 Options API 通过配置对象的不同选项(如 data、methods、computed 等)组织代码: <template><…...
delphi7 链表 使用方法
在 Delphi 中,链表是一种常见的数据结构,用于存储一系列的元素,其中每个元素都包含一个指向列表中下一个元素的引用。在 Delphi 7 中,你可以手动实现链表,或者使用一些现有的集合类,例如 TList 或者 TLinke…...
Linux 系统中的算法技巧与性能优化
引言 Linux 系统以其开源、稳定和高度可定制的特性,在服务器端、嵌入式设备以及开发环境中得到了极为广泛的应用。对于开发者而言,不仅要掌握在 Linux 环境下实现各类算法的方法,更要知晓如何利用系统特性对算法进行优化,以提升…...
【C++系列】模板类型特例化
1. C模板类型特例化介绍 定义:模板类型特例化(Template Specialization)是C中为模板的特定类型提供定制实现的机制,允许开发者对通用模板无法处理的特殊类型进行优化或特殊处理。 产生标准: C98/03…...
K8S认证|CKS题库+答案| 7. Dockerfile 检测
目录 7. Dockerfile 检测 免费获取并激活 CKA_v1.31_模拟系统 题目 开始操作: 1)、切换集群 2)、修改 Dockerfile 3)、 修改 deployment.yaml 7. Dockerfile 检测 免费获取并激活 CKA_v1.31_模拟系统 题目 您必须在以…...
JAVA 对象 详解
对象 对象结构: 对象头(元数据和指向class的指针)、实例数据、对齐填充 数组对象: 对象头(元数据和指向class的指针)、数组长度、数组数据、对齐填充 对象创建: 一、当Java虚拟机遇到一条…...
MATLAB实战:四旋翼姿态控制仿真方案
以下是一个基于MATLAB/Simulink的四旋翼姿态控制仿真方案。本方案使用简化姿态动力学模型,并设计PID控制器进行稳定控制。 1. 四旋翼姿态动力学模型 核心方程:I * ω̇ ω (I * ω) τ 其中: I diag([Ixx, Iyy, Izz]) 为转动惯量矩阵 …...
基于Scala实现Flink的三种基本时间窗口操作
目录 代码结构 代码解析 (1) 主程序入口 (2) 窗口联结(Window Join) (3) 间隔联结(Interval Join) (4) 窗口同组联结(CoGroup) (5) 执行任务 代码优化 (1) 时间戳分配 (2) 窗口大小 (3) 输出格式…...
c++对halcon的动态链接库dll封装及调用(细细讲)
七个部分(是个大工程) 一,halcon封装函数导出cpp的内容介绍 二,c++中对halcon环境的配置 三,在配置环境下验证halcon代码 四,dll项目创建+环境配置 五,编辑dll及导出 六,调用打包好的动态链接库的配置 七,进行测试 一,halcon的封装及导出cpp的介绍 1,我这里…...
【优选算法】分治
一:颜色分类 class Solution { public:void sortColors(vector<int>& nums) {// 三指针法int n nums.size();int left -1, right n, i 0;while(i < right){if(nums[i] 0) swap(nums[left], nums[i]);else if(nums[i] 2) swap(nums[--right], num…...
QGraphicsView中鼠标点击与移动事件传递给MainWindow
在Qt图形应用程序开发中,QGraphicsView和QGraphicsScene框架提供了强大的2D图形显示功能。然而,当我们需要在主窗口(MainWindow)中处理这些视图中的鼠标事件。 问题背景 在典型的Qt图形应用程序架构中: MainWindow └── QGraphicsView└── QGraphicsScene└── QGra…...
【图片识别改名】如何批量将图片按图片上文字重命名?自动批量识别图片文字并命名,基于图片文字内容改名,WPF和京东ocr识别的解决方案
应用场景 在日常工作和生活中,我们经常会遇到需要对大量图片进行重命名的情况。例如,设计师可能需要根据图片内容为设计素材命名,文档管理人员可能需要根据扫描文档中的文字对图片进行分类命名。传统的手动重命名方式效率低下且容易出错&…...
RabbitMQ 的高可用性
RabbitMQ 是比较有代表性的,因为是基于主从(非分布式)做高可用的RabbitMQ 有三种模式:单机模式、普通集群模式、镜像集群模式。 单机模式 单机模式,生产几乎不用。 普通集群模式(无高可用性) 普通集群模…...
DAY 48 随机函数与广播机制
知识点回顾: 随机张量的生成:torch.randn函数卷积和池化的计算公式(可以不掌握,会自动计算的)pytorch的广播机制:加法和乘法的广播机制 ps:numpy运算也有类似的广播机制,基本一致 作…...
)
计算机基础知识(第五篇)
计算机基础知识(第五篇) 架构演化与维护 软件架构的演化和定义 软件架构的演化和维护就是对架构进行修改和完善的过程,目的就是为了使软件能够适应环境的变化而进行的纠错性修改和完善性修改等,是一个不断迭代的过程࿰…...
从零开始制作小程序简单概述
以下是结合案例的“从零制作小红书风格小程序”的全流程指南,采用小红书爆款笔记的结构呈现,并附CSDN参考资源👇: 一、核心开发步骤(附工具推荐) 账号与定位 ✅ 注册类型选择:个人店(…...
AI架构师修炼之道
1 AI时代的架构革命 与传统软件开发和软件架构师相比,AI架构师面临着三重范式转换: 1.1 技术维度,需处理异构算力调度与模型生命周期管理的复杂性; 1.2 系统维度,需平衡实时性与资源约束的矛盾; 1.3 价…...
三十五、面向对象底层逻辑-Spring MVC中AbstractXlsxStreamingView的设计
在Web应用开发中,大数据量的Excel导出功能是常见需求。传统Apache POI的XSSF实现方式在处理超大数据集时,会因全量加载到内存导致OOM(内存溢出)问题。Spring MVC提供的AbstractXlsxStreamingView通过流式处理机制,有效…...
Unity的日志管理类
脚本功能: 1,打印日志到控制台 2,显示日志到UI Text 3,将日志写入本地文件 这对unity开发安卓平台来说很有用 using System; using System.IO; using System.Text; using UnityEngine; using UnityEngine.UI;public class FileLo…...
)
【PhysUnits】17.2 配套变量结构体 Var(variable.rs)
一、源码 这段代码定义了一个泛型结构体 Var,用于封装数值类型并提供各种运算操作。 /** 变量结构体 Var* 该结构体泛型参数 T 需满足 Numeric 约束*/use core::ops::{Neg, Add, Sub, Mul, Div, AddAssign, SubAssign, MulAssign}; use crate::constant::Integer;…...