1. 添加K8S 自动补全命令
yum install -y bash-completion
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc
2. flannel网络插件Pending
1).我遇到的错是:- --iface=*不能匹配所有机器,更改yaml文件
$ vi kube-flannel.yml
...
containers:
- name: kube-flannel
image: 10.168.1.232:5000/coreos/flannel:v0.11.0-amd64
command:
- /opt/bin/flanneld
args:
- --ip-masq
- --kube-subnet-mgr
- --iface=ens33 # 节点1的网卡
- --iface=ens32 # 节点2的网卡把所有机器的网卡都列举出来
resources:
requests:
cpu: "100m"
...
2).更改flannel网络为host-g模式
#修改flannel的网络
$ kubectl edit cm kube-flannel-cfg -n kube-system
# 删除网络pod,自动重建
$ kubectl -n kube-system delete pod kube-flannel-ds-amd64-4thh5 kube-flannel-ds-amd64-85qsn kube-flannel-ds-amd64-92znh
$ kubectl -n kube-system get pod
3. K8S 删除cattle-system的namespace为Terminating状态解决方案
删除Rancher依赖的namespace(cattle-system),状态一直是Terminating。无法重新添加
[root@kuiper-master kubernetes]# kubectl get namespace
NAME STATUS AGE
cattle-fleet-system Active 29d
cattle-impersonation-system Active 29d
cattle-system Active 29d
default Active 30d
dev Active 25d
ingress-nginx Active 28d
istio-system Active 15d
jenkins Active 27d
kube-node-lease Active 30d
kube-public Active 30d
kube-system Active 30d
local Active 29d
logging Active 29d
monitor Active 28d
mps-cloud Active 5d23h
test Active 16d
解决办法
kubectl patch namespace cattle-system -p '{"metadata":{"finalizers":[]}}' --type='merge' -n cattle-system
kubectl delete namespace cattle-system --grace-period=0 --force
kubectl patch namespace cattle-global-data -p '{"metadata":{"finalizers":[]}}' --type='merge' -n cattle-system
kubectl delete namespace cattle-global-data --grace-period=0 --force
kubectl patch namespace local -p '{"metadata":{"finalizers":[]}}' --type='merge' -n cattle-system
for resource in `kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get -o name -n local`; do kubectl patch $resource -p '{"metadata": {"finalizers": []}}' --type='merge' -n local; done
kubectl delete namespace local --grace-period=0 --force
4. jenkins在代码扫描时sonar status is ‘PENDING’
如下报错,Checking status of SonarQube task 'XXXXXXX' on server 'sonar' SonarQube task 'XXXXXXXXX' status is 'PENDING'
sonar一直在pending状态,直到超时。原因是代码还在质量检测中,pipline就执行了waitForQualityGate()没有在sonar中添加jenkins webhook来反馈结果,所以有卡住的线性。有3种解决办法,第一种就是添加webhook反馈结果,这里不讲,也不是我的解决方案,其他2种。
1. 查看后台的运行时间,让waitForQualityGate() 在这个时间后执行,缺点:等待时间不确定。
pipline代码如下:
withSonarQubeEnv('sonarqube') {
sh "sonar-scanner -X;"
sleep 5
}
if (this.waitScan) {
// 就这这里添加延时,保证sonar后台执行完毕后在执行 waitForQualityGate()
sleep 120
timeout(time: 3, unit: 'MINUTES') {
def qg = waitForQualityGate()
String stage = "${env.stage_name}"
if (qg.status != 'OK') {
this.msg.updateBuildMessage(env.BUILD_TASKS, "${stage} Failed... **×**")
updateGitlabCommitStatus(name: "${stage}", state: 'failed')
error "Pipeline aborted due to quality gate failure: ${qg.status}"
} else {
this.msg.updateBuildMessage(env.BUILD_RESULT, "${stage} OK... **√**")
updateGitlabCommitStatus(name: "${stage}", state: 'success')
}
}
} else {
echo "skip waitScan"
}
2. 获取sonar扫描的报告,查看是否通过 (我的解决方案)。
withSonarQubeEnv('sonarqube') {
sh "sonar-scanner -X;"
sleep 5
}
if (this.waitScan) {
// sleep 120
timeout(time: 10, unit: 'MINUTES') {
//新增
String authString = "${this.userName}:${this.passWord}"
def reportFilePath = "target/sonar/report-task.txt"
def reportTaskFileExists = fileExists "${reportFilePath}"
if (reportTaskFileExists) {
echo "Found report task file"
def taskProps = readProperties file: "${reportFilePath}"
echo "taskId[${taskProps['ceTaskId']}]"
while (true) {
sleep 20
def taskStatusResult =
sh(returnStdout: true,
script: "curl -s -X GET -u ${authString} \'sonarqube:9000/api/ce/task?id=${taskProps['ceTaskId']}\'")
echo "taskStatusResult[${taskStatusResult}]"
def taskStatus = new JsonSlurper().parseText(taskStatusResult).task.status
// Status can be SUCCESS, ERROR, PENDING, or IN_PROGRESS. The last two indicate it's
if (taskStatus != "IN_PROGRESS" && taskStatus != "PENDING" && taskStatus != "") {
break;
}
}
}
String stage = "${env.stage_name}"
this.msg.updateBuildMessage(env.BUILD_RESULT, "${stage} OK... **√**")
updateGitlabCommitStatus(name: "${stage}", state: 'success')
}
} else {
echo "skip waitScan"
}
5 Docker容器中清理
docker image prune
- 清理none镜像(虚悬镜像)
- docker image prune 没被标记且没被其它任何镜像引用的镜像
docker image prune -a
- 清理无容器使用的镜像
- 默认情况下,系统会提示是否继续。要绕过提示,请使用 -f 或 --force 标志。
- 可以使用 --filter 标志使用过滤表达式来限制修剪哪些镜像。例如,只考虑 24 小时前创建的镜像
$ docker image prune -a --filter "until=24h"
