Help use docker geth for geth attach and watch log. Geth Command line path need to change for yourself env.
#!/bin/sh IFS=$'\n' echo $1 echo $2 case $2 in attach) docker exec -it $(docker ps -a --no-trunc | grep $1 | awk '{print $1}') geth attach --datadir=/root/.ethereum/devchain ;; log) docker exec -it $(docker ps -a --no-trunc | grep $1 | awk '{print $1}') tail -n 30 -f /root/geth.log ;; sh) docker exec -it $(docker ps -a --no-trunc | grep $1 | awk '{print $1}') sh ;; bash) docker exec -it $(docker ps -a --no-trunc | grep $1 | awk '{print $1}') bash ;; *) echo "command parms1: docker container name" echo "command parms2: attach (geth attach) or log (tail -n 30 -f) or sh or bash" esac
https://blog.kkbruce.net/2020/01/linux-windows-container-add-cert.html?fbclid=IwAR0d_LhzAYwatOZ-Ibl4mK7Ne-iAViwKT_UWcj0Wg52YlHTKzSFNDWcp-Hk#more
ubuntu
/usr/local/share/ca-certificates update-ca-certificates windows
Import-Certificate -FilePath ooxx -CertStoreLocation ooxx
https://qhh.me/2019/08/pod 文件定义在 /etc/kubernetes/manifests/kube-apiserver.yaml15/Kubernetes-%E8%B0%83%E6%95%B4-nodePort-%E7%AB%AF%E5%8F%A3%E8%8C%83%E5%9B%B4/
在 command 下添加 –service-node-port-range=1-65535 参数,修改后会自动生效,无需其他操作:
apiVersion: v1 kind: Pod metadata: creationTimestamp: null labels: component: kube-apiserver tier: control-plane name: kube-apiserver namespace: kube-system spec: containers: - command: - kube-apiserver - --service-node-port-range=1-65535 - --advertise-address=192.168.26.10 - --allow-privileged=true - --authorization-mode=Node,RBAC - --client-ca-file=/etc/kubernetes/pki/ca.crt - --enable-admission-plugins=NodeRestriction - --enable-bootstrap-token-auth=true - --etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt - --etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt - --etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key - --etcd-servers=https://127.0.0.1:2379 - --insecure-port=0 - --kubelet-client-certificate=/etc/kubernetes/pki/apiserver-kubelet-client.crt - --kubelet-client-key=/etc/kubernetes/pki/apiserver-kubelet-client.key - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname - --proxy-client-cert-file=/etc/kubernetes/pki/front-proxy-client.crt - --proxy-client-key-file=/etc/kubernetes/pki/front-proxy-client.key - --requestheader-allowed-names=front-proxy-client - --requestheader-client-ca-file=/etc/kubernetes/pki/front-proxy-ca.crt - --requestheader-extra-headers-prefix=X-Remote-Extra- - --requestheader-group-headers=X-Remote-Group - --requestheader-username-headers=X-Remote-User - --secure-port=6443 - --service-account-key-file=/etc/kubernetes/pki/sa.
Error: User “system:serviceaccount:kube-system:default” cannot get resource “namespaces” https://github.com/fnproject/fn-helm/issues/21#issuecomment-545317241
kubectl create serviceaccount --namespace kube-system tiller kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}' helm init --upgrade --service-account tiller
On root home openssl req -nodes -newkey rsa:4096 -keyout certs/docker-registry.key -out certs/docker-registry.csr -subj "/C=/ST=/L=/O=/OU=/CN=docker-registry" openssl x509 -req -sha256 -days 365 -in certs/docker-registry.csr -signkey certs/docker-registry.key -out certs/docker-registry.crt docker run -dp 5000:5000 --name registry -v "$(pwd)"/certs:/certs \ -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/docker-registry.crt \ -e REGISTRY_HTTP_TLS_KEY=/certs/docker-registry.key \ registry nano /etc/hosts > 192.168.99.118 docker-registry cd /etc/docker mkdir certs.d cd certs.d mkdir docker-registry:5000 cd docker-registry:5000 cp ~/certs/docker-registry.crt ca.crt ===== check registry is working docker image pull busybox docker image tag busybox docker-registry:5000/mybusybox docker image push docker-registry:5000/mybusybox docker run --rm docker-registry:5000/mybusybox echo "Hello from busybox" // docker rmi busybox docker-registry:5000/mybusybox docker run --rm docker-registry:5000/mybusybox echo "Hello from busybox" ===== remove registry docker container stop registry && docker container rm -v registry https://jkzhao.
再分享早上碰到docker穩定度問題,docker內到外網是靠本機的iptables做Nat出去,早上就發現運行很久的docker container,突然不送資料到ELK,一查發現DNS掛了,這之前也碰到幾次了,基本上不是中心DNS掛了,而且Docker本身架構的DNS掛了,基本上只要重啟docker service後就正常,無需對主機重啟,而重啟docker service是一件很嚴重的事情,因為上面所有的服務都會一併被下線,之後還要在把運行的服務全部重新上線…
也許我的理解是錯誤,但只能以目前的情況來判斷,也許是iptables nat轉換的問題,但本機沒有重開機,理論上就沒有這個問題才是。
https://www.pigo.idv.tw/archives/3322
