Deploying PolarDB-X in k8s mode

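This document applies to PolarDB-X V2.4.0.
Environment description:

Deployment machine (ops): 1x2.2x.2x8.116. The deployment machine needs Internet access. Deployment is done with ansible, which you install yourself. Two k8s clusters are deployed, with one PolarDB-X cluster installed on each.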

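Deployment steps:
Environment preparation:
BIOS settings

These settings apply to every machine in the k8s clusters. BIOS setup screens differ considerably between CPU platforms and server vendors. Before deploying the database, consult the server vendor's documentation and check that the following BIOS parameters are set correctly:
[image: BIOS parameter table]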

Install ansible

Log in to the deployment machine
ssh 1x2.2x.2x8.116
yum install ansible python-netaddr -y
Create the ansible configuration file
vi $HOME/all.ini

[all]
1x2.2x.2x8.116  # ops
[k1]
1x2.2x.2x7.6 ansible_ssh_port=22
1x2.2x.2x7.7 ansible_ssh_port=22
1x2.2x.2x7.8 ansible_ssh_port=22
1x2.2x.2x7.9 ansible_ssh_port=22
[k2]
1x2.2x.2x7.5 ansible_ssh_port=22
1x2.2x.2x7.10 ansible_ssh_port=22
1x2.2x.2x7.11 ansible_ssh_port=22
1x2.2x.2x7.12 ansible_ssh_port=22
[all:vars]
registry=1x2.2x.2x8.116

Put the configuration file path into an environment variable:

export ini_file=$HOME/all.ini
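Passwordless SSH to the servers

Set up passwordless login from ops to all servers:

Generate an ssh key

ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa <<<y

Automatically add known_hosts (this turns off host key verification for every ssh client on ops)

echo "StrictHostKeyChecking no" >> /etc/ssh/ssh_config

Set up passwordless ssh; ini_file points to the server list above

ansible -i ${ini_file} all -m authorized_key -a " user=root key=\"{{ lookup('file', '/root/.ssh/id_rsa.pub') }} \" " -u root --become-method=sudo --ask-become-pass --become -k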
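Configure system parameters
Configure the time zone and clock

Set the time zone and clock on all servers in one batch. For production deployments, configuring an NTP service is recommended so that server clocks stay synchronized.

ansible -i ${ini_file} all -m shell -a " timedatectl set-timezone Asia/Shanghai "
ansible -i ${ini_file} all -m shell -a " date -s '$(date '+%Y-%m-%d %H:%M:%S')' "

When done, check the server clocks with the following command:

ansible -i ${ini_file} all -m shell -a " date '+%D %T.%6N' "
Configure /etc/hosts

If a private Docker image registry is to be installed, edit /etc/hosts on the servers and add the registry host name (in this evaluation environment the docker registry is deployed on 116):

ansible -i ${ini_file} all -m shell -a " sed -i '/registry/d' /etc/hosts "
ansible -i ${ini_file} all -m shell -a " echo '1x2.2x.2x8.116 registry' >> /etc/hosts "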
Configure sysctl.conf

vi $HOME/sysctl.conf
vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time=120

# see details in https://help.aliyun.com/knowledge_detail/39428.html

net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2

# see details in https://help.aliyun.com/knowledge_detail/41334.html

net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

kernel.sysrq=1

net.core.somaxconn = 256
net.core.wmem_max = 262144

net.ipv4.tcp_keepalive_time = 20
net.ipv4.tcp_keepalive_probes = 60
net.ipv4.tcp_keepalive_intvl = 3

net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_fin_timeout = 15

#perf
kernel.perf_event_paranoid = 1

fs.aio-max-nr = 1048576

Update the sysctl.conf configuration file on the servers:

ansible -i ${ini_file} all -m synchronize -a " src=$HOME/sysctl.conf dest=/etc/sysctl.conf "

Load the new configuration on the servers:

ansible -i ${ini_file} all -m shell -a " sysctl -p /etc/sysctl.conf "
Turn off the firewall

ansible -i ${ini_file} all -m shell -a " systemctl disable firewalld "
ansible -i ${ini_file} all -m shell -a " systemctl stop firewalld "
Disable SELinux

vi $HOME/selinux

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
#SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

ansible -i ${ini_file} all -m synchronize -a " src=$HOME/selinux dest=/etc/selinux/config "

ansible -i ${ini_file} all -m shell -a " setenforce 0 "
Disable swap

ansible -i ${ini_file} all -m shell -a " swapoff -a "
ansible -i ${ini_file} all -m shell -a " sed -i '/=SWAP/d' /etc/fstab "

Create the symbolic links for the directories used by the K8s deployment
ansible -i ${ini_file} all -m shell -a " mkdir -p /data/polarx/kubelet"
ansible -i ${ini_file} all -m shell -a " ln -s /data/polarx/kubelet /var/lib/kubelet "
ansible -i ${ini_file} all -m shell -a " mkdir -p /data/polarx/docker "
ansible -i ${ini_file} all -m shell -a " ln -s /data/polarx/docker /var/lib/docker "
ansible -i ${ini_file} all -m shell -a " mkdir -p /data/polarx/data-log "
ansible -i ${ini_file} all -m shell -a " ln -s /data/polarx/data-log /data-log "
ansible -i ${ini_file} all -m shell -a " mkdir -p /data/polarx/filestream "
ansible -i ${ini_file} all -m shell -a " ln -s /data/polarx/filestream /filestream "
Install common tools

ansible -i ${ini_file} all -m shell -a " yum install mysql -y "
ansible -i ${ini_file} all -m shell -a " yum install dstat iostat htop -y "

Configure the private docker registry

Install docker on all k8s-related nodes

ansible -i ${ini_file} all -m shell -a " yum install docker-ce -y "
Start the service

To use the private Docker image registry, the following configuration must be added to daemon.json:

cat > $HOME/daemon.json<< EOF
{
"exec-opts": ["native.cgroupdriver=systemd"],
"insecure-registries": ["registry:5000"]
}
EOF

ansible -i ${ini_file} all -m shell -a " mkdir /etc/docker "
ansible -i ${ini_file} all -m synchronize -a " src=$HOME/daemon.json dest=/etc/docker/daemon.json " -u root

ansible -i ${ini_file} all -m shell -a " systemctl daemon-reload "

ansible -i ${ini_file} all -m shell -a " systemctl enable docker "
ansible -i ${ini_file} all -m shell -a " systemctl restart docker "

ansible -i ${ini_file} all -m shell -a " docker ps -a "
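Start the image registry

The private image registry only needs to run on one server; usually the deployment machine (ops) is chosen. Deployment is very simple and takes only 3 steps:

First, download the container image of the Docker registry:

docker pull registry
Run the following command to create the Docker container:

docker run -d --net=host -p 5000:5000 --restart=always --name registry registry
Check that the registry's Docker container is running normally:

docker ps
Download the deployment tools and configure the registry images
Install the pxd tool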

yum update -y
yum install -y python3

python3 -m venv venv
source venv/bin/activate
pip install --upgrade pip
pip install -i https://mirrors.aliyun.com/pypi/simple/ --upgrade pxd

pxd version
Configure the deployment tool and the PolarDB-X Docker images

mkdir /data/pxd
cd /data/pxd
vi images.list

polardbx/polardbx-sql:v2.4.0_5.4.19
polardbx/polardbx-engine:v2.4.0_8.4.19
polardbx/polardbx-cdc:v2.4.0_5.4.19
polardbx/polardbx-columnar:v2.4.0_5.4.19
polardbx/polardbx-operator:v1.6.0
polardbx/polardbx-exporter:v1.6.0
polardbx/polardbx-hpfs:v1.6.0
polardbx/polardbx-init:v1.6.0
polardbx/polardbx-clinic:v1.6.0
polardbx/xstore-tools:v1.6.0
polardbx/probe-proxy:v1.6.0
prom/mysqld-exporter:master
quay.io/prometheus/prometheus:v2.22.1
quay.io/prometheus/alertmanager:v0.21.0
quay.io/brancz/kube-rbac-proxy:v0.8.0
quay.io/prometheus/node-exporter:v1.0.1
quay.io/prometheus-operator/prometheus-operator:v0.44.1
quay.io/prometheus-operator/prometheus-config-reloader:v0.44.1
grafana/grafana:8.5.27
kubesphere/kube-state-metrics:v2.3.0
directxman12/k8s-prometheus-adapter:v0.8.2
polardbx/polardbx-logstash:latest
docker.elastic.co/beats/filebeat:8.9.0

Run the commands below to make sure images.list is updated to the latest version

curl -s "https://polardbx-opensource.oss-cn-hangzhou.aliyuncs.com/scripts/get-version.sh" | sh
pxd download --env k8s --arch amd64 --repo "registry:5000" --dest /data/pxd/ -i images.list
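
An added example (not part of the original post or of pxd): a check that flags entries in images.list whose tag can move, such as polardbx/polardbx-logstash:latest and prom/mysqld-exporter:master above, before they are mirrored into registry:5000. The function names and the temporary sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify image references from images.list by how firmly
# they identify an image. Function names are illustrative, not part of pxd.

# classify_image_ref REF
#   pinned  - carries an @sha256: digest, so the content cannot change
#   tagged  - version tag only; the registry can still repoint it
#   mutable - no tag, or a moving tag (latest, master)
classify_image_ref() {
    ref=$1
    case $ref in
        *@sha256:*) echo pinned; return 0 ;;
    esac
    # Only a ':' in the last path component separates a tag; an earlier
    # one is a registry port, as in registry:5000/pause.
    last=${ref##*/}
    case $last in
        *:*) tag=${last##*:} ;;
        *)   tag='' ;;
    esac
    case $tag in
        ''|latest|master) echo mutable ;;
        *)                echo tagged ;;
    esac
}

# audit_image_list FILE
#   Prints "<class> <ref>" for every entry; returns 1 if any entry is mutable.
audit_image_list() {
    found_mutable=0
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip comments, blanks and carriage returns.
        line=$(printf '%s' "${line%%#*}" | tr -d ' \t\r')
        if [ -z "$line" ]; then
            continue
        fi
        class=$(classify_image_ref "$line")
        echo "$class $line"
        if [ "$class" = mutable ]; then
            found_mutable=1
        fi
    done < "$1"
    return "$found_mutable"
}

# Constructed sample: a few entries copied from the images.list above.
sample_images_list() {
    cat <<'EOF'
polardbx/polardbx-sql:v2.4.0_5.4.19
polardbx/polardbx-operator:v1.6.0
prom/mysqld-exporter:master
quay.io/prometheus/prometheus:v2.22.1
polardbx/polardbx-logstash:latest
EOF
}

list=$(mktemp)
sample_images_list > "$list"
if ! audit_image_list "$list"; then
    echo "images.list contains mutable references; record their digests before mirroring" >&2
fi
rm -f "$list"
```

After a pull, docker image inspect --format '{{index .RepoDigests 0}}' IMAGE prints the repository digest, which can be recorded in place of a moving tag.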

Configure the k8s images

docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.21.0
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.21.0
docker pull registry.aliyuncs.com/google_containers/coredns:v1.8.0
docker pull registry.aliyuncs.com/google_containers/etcd:3.4.13-0
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.21.0
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.21.0
docker pull registry.aliyuncs.com/google_containers/pause:3.4.1
docker pull docker.io/calico/cni:v3.15.1
docker pull docker.io/calico/pod2daemon-flexvol:v3.15.1
docker pull docker.io/calico/node:v3.15.1
docker pull docker.io/calico/kube-controllers:v3.15.1
docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.21.0 registry:5000/kube-apiserver:v1.21.0
docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.21.0 registry:5000/kube-proxy:v1.21.0
docker tag registry.aliyuncs.com/google_containers/coredns:v1.8.0 registry:5000/coredns/coredns:v1.8.0
docker tag registry.aliyuncs.com/google_containers/etcd:3.4.13-0 registry:5000/etcd:3.4.13-0
docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.21.0 registry:5000/kube-controller-manager:v1.21.0
docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.21.0 registry:5000/kube-scheduler:v1.21.0
docker tag registry.aliyuncs.com/google_containers/pause:3.4.1 registry:5000/pause:3.4.1
docker tag docker.io/calico/cni:v3.15.1 registry:5000/calico/cni:v3.15.1
docker tag docker.io/calico/pod2daemon-flexvol:v3.15.1 registry:5000/calico/pod2daemon-flexvol:v3.15.1
docker tag docker.io/calico/node:v3.15.1 registry:5000/calico/node:v3.15.1
docker tag docker.io/calico/kube-controllers:v3.15.1 registry:5000/calico/kube-controllers:v3.15.1
docker push registry:5000/kube-apiserver:v1.21.0
docker push registry:5000/kube-proxy:v1.21.0
docker push registry:5000/coredns/coredns:v1.8.0
docker push registry:5000/etcd:3.4.13-0 
docker push registry:5000/kube-controller-manager:v1.21.0
docker push registry:5000/kube-scheduler:v1.21.0
docker push registry:5000/pause:3.4.1
docker push registry:5000/calico/node:v3.15.1
docker push registry:5000/calico/pod2daemon-flexvol:v3.15.1
docker push registry:5000/calico/cni:v3.15.1
docker push registry:5000/calico/kube-controllers:v3.15.1

Install k8s

On the deployment machine (ops), edit the kubernetes.repo configuration file:

vi $HOME/kubernetes.repo

[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

ansible -i ${ini_file} all -m synchronize -a " src=$HOME/kubernetes.repo dest=/etc/yum.repos.d/ " -u root
Deploy the services

ansible -i ${ini_file} all -m shell -a " yum install --nogpgcheck -y kubelet-1.21.0 kubeadm-1.21.0 kubectl-1.21.0 "
Start the master nodes

Log in to the planned master node

The simulated data center A environment is deployed on 253.5, and the simulated data center B environment on 253.6

ssh 1x2.21.253.5

kubeadm init --image-repository=registry:5000 --kubernetes-version=v1.21.0 --pod-network-cidr=10.244.0.0/16 --v=5

Run the same on 253.6

On success, the end of the output on 253.5 is as follows:

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 1x2.2x.2x7.5:6443 --token ex75w9.xlbgj61avvywq2yp \
--discovery-token-ca-cert-hash sha256:302744a4fa996a95f6f64406efbeb29b4da7feb03ce8d02c8c8e2bba01b9dad4

On success, the end of the output on 253.6 is as follows:

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 1x2.2x.2x7.6:6443 --token 9yywt3.59cfgnaxw6xp0wzl \
--discovery-token-ca-cert-hash sha256:13705e50c00591ce1838478dbc43ceb04ddb18dd2703d308bc10648766ca1685
Join the worker nodes

Log in to a worker node of simulated data center A (this step must be run on every worker node in the data center)

ssh 1x2.2x.2x7.10

kubeadm join 1x2.2x.2x7.5:6443 --token ex75w9.xlbgj61avvywq2yp \
--discovery-token-ca-cert-hash sha256:302744a4fa996a95f6f64406efbeb29b4da7feb03ce8d02c8c8e2bba01b9dad4

Log in to a worker node of simulated data center B (this step must be run on every worker node in the data center)

ssh 1x2.2x.2x7.7

kubeadm join 1x2.2x.2x7.6:6443 --token 9yywt3.59cfgnaxw6xp0wzl \
--discovery-token-ca-cert-hash sha256:13705e50c00591ce1838478dbc43ceb04ddb18dd2703d308bc10648766ca1685

This join command is the one printed at the end of master node initialization. If the token has passed its validity period, a new one can be generated on the master node

kubeadm token create
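
An added example (not from the original post): the value after --discovery-token-ca-cert-hash in the join commands above is the SHA-256 of the cluster CA's public key, so a join command regenerated later (kubeadm token create --print-join-command prints a complete one) can be checked against the CA certificate on the master before it is pasted onto a worker. The function names are illustrative; /etc/kubernetes/pki/ca.crt is kubeadm's default CA path, and the demo CA is a throwaway generated only for a self-check.

```shell
#!/bin/sh
# Added example: recompute kubeadm's discovery-token-ca-cert-hash from the
# cluster CA certificate and compare it with the hash in a join command.
# Requires openssl. Function names are illustrative.

# ca_pubkey_hash CERT
#   Prints "sha256:<hex>": SHA-256 over the DER-encoded public key
#   (SubjectPublicKeyInfo) of the certificate, the form kubeadm expects.
ca_pubkey_hash() {
    hex=$(openssl x509 -pubkey -noout -in "$1" \
        | openssl pkey -pubin -outform der \
        | openssl dgst -sha256 -hex \
        | sed 's/^.* //')
    # A failed step leaves something that is not 64 hex digits long.
    if [ "${#hex}" -ne 64 ]; then
        return 1
    fi
    echo "sha256:$hex"
}

# join_hash_matches CERT "JOIN COMMAND"
#   Returns 0 only if the hash pinned in the join command equals the hash of
#   CERT's public key; 1 on mismatch or missing hash; 2 if CERT is unreadable.
join_hash_matches() {
    want=$(ca_pubkey_hash "$1") || return 2
    # Split the command into words and take the first sha256: argument.
    got=$(printf '%s\n' "$2" | tr ' \t' '\n\n' | grep '^sha256:' | head -n 1)
    if [ -z "$got" ]; then
        return 1
    fi
    [ "$got" = "$want" ]
}

# make_demo_ca DIR
#   Writes a throwaway self-signed CA to DIR/ca.crt (constructed sample,
#   unrelated to any real cluster).
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kubernetes" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# On a master node, print the hash that a genuine join command must carry.
CA=${CA:-/etc/kubernetes/pki/ca.crt}
if [ -r "$CA" ]; then
    echo "expected --discovery-token-ca-cert-hash: $(ca_pubkey_hash "$CA")"
fi
```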
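Configure kubectl

Install the kubectl client on the deployment machine (ops):

ssh 1x2.21.228.116

yum install kubectl-1.21.0 -y

To manage a k8s cluster, kubectl needs the cluster's configuration file /etc/kubernetes/admin.conf. To manage the two clusters of simulated data centers A and B at the same time, copy both files to the ops machine and merge them into /data/pxd/config-mdc. Pointing kubectl at this custom path requires the environment variable $KUBECONFIG

export KUBECONFIG="/data/pxd/config-mdc"

scp 1x2.2x.2x7.5:/etc/kubernetes/admin.conf /data/pxd/config-dca

View the file contents

vi /data/pxd/config-dca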
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: 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
    server: https://1x2.2x.2x7.5:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: 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
    client-key-data: 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

scp 1x2.2x.2x7.6:/etc/kubernetes/admin.conf /data/pxd/config-dcb

View the file contents

vi /data/pxd/config-dcb
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: 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
    server: https://1x2.2x.2x7.6:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: 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
    client-key-data: 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

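Merge the cluster, context and user entries into one file, config-mdc. The name attributes of these three sections must be changed so that they do not collide. The merged and modified config-mdc looks like this: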

vi /data/pxd/config-mdc
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: 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
    server: https://1x2.2x.2x7.5:6443
  name: kubernetes-dca
- cluster:
    certificate-authority-data: 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
    server: https://1x2.2x.2x7.6:6443
  name: kubernetes-dcb
contexts:
- context:
    cluster: kubernetes-dca
    user: kubernetes-admin-dca
  name: adm@kube-dca
- context:
    cluster: kubernetes-dcb
    user: kubernetes-admin-dcb
  name: adm@kube-dcb
current-context: adm@kube-dca
kind: Config
preferences: {}
users:
- name: kubernetes-admin-dca
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJWXV3WEdDbHF6N3N3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TkRBMU1qUXdNekl4TURKYUZ3MHlOVEExTWpRd016SXhNRFphTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXlMTUdHVVJXdTZnZzBmZjEKcGlxYnFqdXZGWlFOQm9iTlNtd1hpSDdqUkxPdmRrVzNwdkRSR0lmV1lvdGpNUDZydTdjVzRZbDBMeDIycEdodgpiRkhUWFFvUENmUzhOK1lsNEp3TFNqYnNBSDdpMW00NVVNNWZHenJlbHhqTjRHS0sxSVFPR2pwWjRyUkpZOHBZCmhSUExuRXBHWGpyVW0wWXZGYkFseW84bDFWQVZ5WTh6UzlUL0JKY0JvcjE0MHZtNkRXNDFFeEx0N2JRT0lCRGIKbmVtdWxDMFFmV1EzallKRUEvbFpRN0FUZ0tyblIzSGhZS0Z3enFmU2NDK1VyOVlnRWlwODRzODBQN0Q3a1ZZcApBVzdaYW5PZ2duYituaTFJSXlvY0FoTGVOQVRYbE9qaWJEc1RBUG44SS9qZHNmaksyVk82bXk4UkFyZnhsdXlXClVjL2VPUUlEQVFBQm8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JRVUlwM2dLdHBtZWZwRXpOM0lkOFB0VUUyMgo1VEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBUEtLSG5VcFJ0b0ZXZEE5aFV6TmNaQy8rOXByc0lhZkwwVGplCm94aUpQWENYOGtyWTVzbko2M2IwemFNSEs1Rzh2OEJIYTFDT0V4VXp2c3JZY05oanBET2hZVUhSenNMN1FVUUMKQjVnclhuZmdSZGJrSzhkUkNINTN1UXpBLzZQRXZRbDVrYzMxbjd6Y1Y3eEM4L3lVSWpUaHdHUjUzZ3ZqSHhKSQozbzdRaHVYaTlPUmhnTWxVL3BCNkZ0amMvVzIvODNyaFdEdC9UOFhXSGNiUVRkQm0va0NLNnhubzJ4UnNPbEltClNTMnBsWUk1K2QyVGlGeFdVZmttaWRkSld0MzdGbC9KbURVaWpOUGZuUXAwd0dxRURuNG9nWlFmRFBFSE5IcWwKd000T3BSeHIwbVBhdkRiYnlDL0xKZGN6b1lxYzZLaGxZbURuSENDTk1aSkZMRHl0ZlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    client-key-data: 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
- name: kubernetes-admin-dcb
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJWFZxMXZRbm54cEF3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TkRBeE16RXdPVEV5TlRSYUZ3MHlOVEF4TXpBd09URXlOVGRhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXZRMmFoRm1qN3NPY0duUS8KRkNhUmRUMCtTS05qUXpwWHJ6cGdDOFgrQ1hBdXBBTjFlWk13Mm0yTGR3VC9FZmpJeVY4SUNkMHd2a25KUWY0agpEQTNvMW1NR0RnSVBQamV6VzNObHAvR3d0MDdIYmlwaXNWdlY4aDQ5TEEyNXRLYmJuVi9wUU1CTXRlUHV1Y2VICk1sRmFjK1RzL2szNVdCS1gwUGhsUGZIYkJtMEkzZFdBWWU1NTFjVXArTDNYZjBNQ1g5b2RMOW1uSGxmVUR0Q08KM3Q3amdpY3I2ZmttRmJldGFGbE1NMXo3OUxrTlY5MFRhNUxCenZSOHo0OUhIMkdMTHJOT0FDOC9RNGRFeUV1MApiSklqT1VBMFdLaXh3blE2OWlBRlhPSlRSTmV3ZzdHVzVueEU5S1dlS2dCSHlyM1ZMb1kxTjlzYnNFTllCV1ZyCi8yZFowd0lEQVFBQm8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JUWVFsVTYrWnRGckNva0NWZ1ArSkROVlhMdwo1ekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBVHpDNVF3RkR6ekVlRUNsdjJUaDBzRmZ6bllrTmlBOFBzZjJJCktEZGRDRFRQdHVrSU1mZXc4Q3JNV2hqbGo4MTVZTTc5UGlKSEp1YTVxVGRtN3Y3NGJuQ3ZBdDJZT25ubTc1Z2YKL08vTGFRdXdUUVhHTWNwa2xZYUVXS2ExRWVRS2cxVlV5aXAyMDhRNDd3RGlPcHdJWXBIL0l1MGRuTlM2eUZaMApENFhqUTk0ZVdsVVd4RXF2RGJqY0RVOVUvVjBZMzI4S1Rsc3ozbkNTZitsV0hROFRncHRzQU94UVhtd3BuR1YyCjNuVDdsL1VYZEpZVDFMWE8yUXRCdjZuZS8zaEYwVmEzbUcrRjR1Q1pDZHhkckxSL05xK3VSaC9QY04zWkhjY2sKRmR1NG5mbEQ3eFFrTzJGRUU3b0RONFM0bm1ZSVBadmtHVHlMd2p1eTZwVk1iTnk4WFE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
    client-key-data: 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
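
An added example (not part of the original post): the rename-and-merge step described above, scripted so that the two admin.conf copies get distinct cluster, user and context names and the result, which carries both clusters' admin keys, is readable only by its owner. The function names, the 192.0.2.x addresses and the credential values are constructed placeholders; the merge itself uses kubectl config view --flatten and is skipped when kubectl is absent.

```shell
#!/bin/sh
# Added example: give each kubeadm admin.conf unique names, then merge.
# Function names are illustrative.

# rename_kubeconfig SRC SUFFIX CONTEXT
#   Prints SRC with the kubeadm default names replaced. Patterns are anchored
#   on the YAML key so base64 credential data is never touched.
rename_kubeconfig() {
    sed -e "s/^\(  name: \)kubernetes\$/\1kubernetes-$2/" \
        -e "s/^\(    cluster: \)kubernetes\$/\1kubernetes-$2/" \
        -e "s/^\(    user: \)kubernetes-admin\$/\1kubernetes-admin-$2/" \
        -e "s/^\(- name: \)kubernetes-admin\$/\1kubernetes-admin-$2/" \
        -e "s/^\(  name: \)kubernetes-admin@kubernetes\$/\1$3/" \
        -e "s/^\(current-context: \).*\$/\1$3/" \
        "$1"
}

# prepare_cluster_config SRC DEST SUFFIX CONTEXT
#   Writes the renamed copy to DEST with mode 0600 (it holds client-key-data).
prepare_cluster_config() {
    ( umask 077 && rename_kubeconfig "$1" "$3" "$4" > "$2" ) || return 1
    chmod 600 "$2"
}

# merge_kubeconfigs OUT IN...
#   Merges already-renamed files; kubectl keeps the first current-context.
merge_kubeconfigs() {
    out=$1
    shift
    joined=$(printf '%s:' "$@")
    joined=${joined%:}
    ( umask 077 && KUBECONFIG=$joined kubectl config view --flatten > "$out" ) || return 1
    chmod 600 "$out"
}

# Constructed sample in the layout kubeadm writes; every credential value is
# the base64 of the word CONSTRUCTED, not real key material.
sample_admin_conf() {
    cat <<EOF
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: Q09OU1RSVUNURUQ=
    server: https://$1:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: Q09OU1RSVUNURUQ=
    client-key-data: Q09OU1RSVUNURUQ=
EOF
}

work=$(mktemp -d)
sample_admin_conf 192.0.2.5 > "$work/admin-a.conf"
sample_admin_conf 192.0.2.6 > "$work/admin-b.conf"
prepare_cluster_config "$work/admin-a.conf" "$work/config-dca" dca adm@kube-dca
prepare_cluster_config "$work/admin-b.conf" "$work/config-dcb" dcb adm@kube-dcb
if command -v kubectl >/dev/null 2>&1; then
    merge_kubeconfigs "$work/config-mdc" "$work/config-dca" "$work/config-dcb"
    KUBECONFIG=$work/config-mdc kubectl config get-contexts
fi
rm -rf "$work"
```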
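Configure the container network

Until a container network is installed, the Kubernetes cluster cannot work properly. There are several container network solutions to choose from; this setup uses the basic calico network installation.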

vi calico_v3.15.1.yaml

---
# Source: calico/templates/calico-config.yaml
# This ConfigMap is used to configure a self-hosted Calico installation.
kind: ConfigMap
apiVersion: v1
metadata:
  name: calico-config
  namespace: kube-system
data:
  # Typha is disabled.
  typha_service_name: "none"
  # Configure the backend to use.
  calico_backend: "bird"

  # Configure the MTU to use
  veth_mtu: "1440"

  # The CNI network configuration to install on each node. The special
  # values in this config will be automatically populated.
  cni_network_config: |-
    {
      "name": "k8s-pod-network",
      "cniVersion": "0.3.1",
      "plugins": [
        {
          "type": "calico",
          "log_level": "info",
          "datastore_type": "kubernetes",
          "nodename": "__KUBERNETES_NODE_NAME__",
          "mtu": __CNI_MTU__,
          "ipam": {
              "type": "calico-ipam"
          },
          "policy": {
              "type": "k8s"
          },
          "kubernetes": {
              "kubeconfig": "__KUBECONFIG_FILEPATH__"
          }
        },
        {
          "type": "portmap",
          "snat": true,
          "capabilities": {"portMappings": true}
        }
      ]
    }

---
# Source: calico/templates/kdd-crds.yaml

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: felixconfigurations.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: FelixConfiguration
    plural: felixconfigurations
    singular: felixconfiguration
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ipamblocks.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: IPAMBlock
    plural: ipamblocks
    singular: ipamblock
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: blockaffinities.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: BlockAffinity
    plural: blockaffinities
    singular: blockaffinity
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ipamhandles.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: IPAMHandle
    plural: ipamhandles
    singular: ipamhandle
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ipamconfigs.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: IPAMConfig
    plural: ipamconfigs
    singular: ipamconfig
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: bgppeers.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: BGPPeer
    plural: bgppeers
    singular: bgppeer
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: bgpconfigurations.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: BGPConfiguration
    plural: bgpconfigurations
    singular: bgpconfiguration
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: ippools.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: IPPool
    plural: ippools
    singular: ippool
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: hostendpoints.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: HostEndpoint
    plural: hostendpoints
    singular: hostendpoint
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: clusterinformations.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: ClusterInformation
    plural: clusterinformations
    singular: clusterinformation
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: globalnetworkpolicies.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: GlobalNetworkPolicy
    plural: globalnetworkpolicies
    singular: globalnetworkpolicy
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: globalnetworksets.crd.projectcalico.org
spec:
  scope: Cluster
  group: crd.projectcalico.org
  version: v1
  names:
    kind: GlobalNetworkSet
    plural: globalnetworksets
    singular: globalnetworkset
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: networkpolicies.crd.projectcalico.org
spec:
  scope: Namespaced
  group: crd.projectcalico.org
  version: v1
  names:
    kind: NetworkPolicy
    plural: networkpolicies
    singular: networkpolicy
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
  name: networksets.crd.projectcalico.org
spec:
  scope: Namespaced
  group: crd.projectcalico.org
  version: v1
  names:
    kind: NetworkSet
    plural: networksets
    singular: networkset

---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  annotations:
    controller-gen.kubebuilder.io/version: (devel)
  name: kubecontrollersconfigurations.crd.projectcalico.org
spec:
  group: crd.projectcalico.org
  names:
    kind: KubeControllersConfiguration
    listKind: KubeControllersConfigurationList
    plural: kubecontrollersconfigurations
    singular: kubecontrollersconfiguration
  scope: Cluster
  versions:
  - name: v1
    schema:
      openAPIV3Schema:
        properties:
          apiVersion:
            description: 'APIVersion defines the versioned schema of this representation
              of an object. Servers should convert recognized schemas to the latest
              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
            type: string
          kind:
            description: 'Kind is a string value representing the REST resource this
              object represents. Servers may infer this from the endpoint the client
              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
            type: string
          metadata:
            type: object
          spec:
            description: KubeControllersConfigurationSpec contains the values of the
              Kubernetes controllers configuration.
            properties:
              controllers:
                description: Controllers enables and configures individual Kubernetes
                  controllers
                properties:
                  namespace:
                    description: Namespace enables and configures the namespace controller.
                      Enabled by default, set to nil to disable.
                    properties:
                      reconcilerPeriod:
                        description: 'ReconcilerPeriod is the period to perform reconciliation
                          with the Calico datastore. [Default: 5m]'
                        type: string
                    type: object
                  node:
                    description: Node enables and configures the node controller.
                      Enabled by default, set to nil to disable.
                    properties:
                      hostEndpoint:
                        description: HostEndpoint controls syncing nodes to host endpoints.
                          Disabled by default, set to nil to disable.
                        properties:
                          autoCreate:
                            description: 'AutoCreate enables automatic creation of
                              host endpoints for every node. [Default: Disabled]'
                            type: string
                        type: object
                      reconcilerPeriod:
                        description: 'ReconcilerPeriod is the period to perform reconciliation
                          with the Calico datastore. [Default: 5m]'
                        type: string
                      syncLabels:
                        description: 'SyncLabels controls whether to copy Kubernetes
                          node labels to Calico nodes. [Default: Enabled]'
                        type: string
                    type: object
                  policy:
                    description: Policy enables and configures the policy controller.
                      Enabled by default, set to nil to disable.
                    properties:
                      reconcilerPeriod:
                        description: 'ReconcilerPeriod is the period to perform reconciliation
                          with the Calico datastore. [Default: 5m]'
                        type: string
                    type: object
                  serviceAccount:
                    description: ServiceAccount enables and configures the service
                      account controller. Enabled by default, set to nil to disable.
                    properties:
                      reconcilerPeriod:
                        description: 'ReconcilerPeriod is the period to perform reconciliation
                          with the Calico datastore. [Default: 5m]'
                        type: string
                    type: object
                  workloadEndpoint:
                    description: WorkloadEndpoint enables and configures the workload
                      endpoint controller. Enabled by default, set to nil to disable.
                    properties:
                      reconcilerPeriod:
                        description: 'ReconcilerPeriod is the period to perform reconciliation
                          with the Calico datastore. [Default: 5m]'
                        type: string
                    type: object
                type: object
              etcdV3CompactionPeriod:
                description: 'EtcdV3CompactionPeriod is the period between etcdv3
                  compaction requests. Set to 0 to disable. [Default: 10m]'
                type: string
              healthChecks:
                description: 'HealthChecks enables or disables support for health
                  checks [Default: Enabled]'
                type: string
              logSeverityScreen:
                description: 'LogSeverityScreen is the log severity above which logs
                  are sent to the stdout. [Default: Info]'
                type: string
            required:
            - controllers
            type: object
          status:
            description: KubeControllersConfigurationStatus represents the status
              of the configuration. It's useful for admins to be able to see the actual
              config that was applied, which can be modified by environment variables
              on the kube-controllers process.
            properties:
              environmentVars:
                additionalProperties:
                  type: string
                description: EnvironmentVars contains the environment variables on
                  the kube-controllers that influenced the RunningConfig.
                type: object
              runningConfig:
                description: RunningConfig contains the effective config that is running
                  in the kube-controllers pod, after merging the API resource with
                  any environment variables.
                properties:
                  controllers:
                    description: Controllers enables and configures individual Kubernetes
                      controllers
                    properties:
                      namespace:
                        description: Namespace enables and configures the namespace
                          controller. Enabled by default, set to nil to disable.
                        properties:
                          reconcilerPeriod:
                            description: 'ReconcilerPeriod is the period to perform
                              reconciliation with the Calico datastore. [Default:
                              5m]'
                            type: string
                        type: object
                      node:
                        description: Node enables and configures the node controller.
                          Enabled by default, set to nil to disable.
                        properties:
                          hostEndpoint:
                            description: HostEndpoint controls syncing nodes to host
                              endpoints. Disabled by default, set to nil to disable.
                            properties:
                              autoCreate:
                                description: 'AutoCreate enables automatic creation
                                  of host endpoints for every node. [Default: Disabled]'
                                type: string
                            type: object
                          reconcilerPeriod:
                            description: 'ReconcilerPeriod is the period to perform
                              reconciliation with the Calico datastore. [Default:
                              5m]'
                            type: string
                          syncLabels:
                            description: 'SyncLabels controls whether to copy Kubernetes
                              node labels to Calico nodes. [Default: Enabled]'
                            type: string
                        type: object
                      policy:
                        description: Policy enables and configures the policy controller.
                          Enabled by default, set to nil to disable.
                        properties:
                          reconcilerPeriod:
                            description: 'ReconcilerPeriod is the period to perform
                              reconciliation with the Calico datastore. [Default:
                              5m]'
                            type: string
                        type: object
                      serviceAccount:
                        description: ServiceAccount enables and configures the service
                          account controller. Enabled by default, set to nil to disable.
                        properties:
                          reconcilerPeriod:
                            description: 'ReconcilerPeriod is the period to perform
                              reconciliation with the Calico datastore. [Default:
                              5m]'
                            type: string
                        type: object
                      workloadEndpoint:
                        description: WorkloadEndpoint enables and configures the workload
                          endpoint controller. Enabled by default, set to nil to disable.
                        properties:
                          reconcilerPeriod:
                            description: 'ReconcilerPeriod is the period to perform
                              reconciliation with the Calico datastore. [Default:
                              5m]'
                            type: string
                        type: object
                    type: object
                  etcdV3CompactionPeriod:
                    description: 'EtcdV3CompactionPeriod is the period between etcdv3
                      compaction requests. Set to 0 to disable. [Default: 10m]'
                    type: string
                  healthChecks:
                    description: 'HealthChecks enables or disables support for health
                      checks [Default: Enabled]'
                    type: string
                  logSeverityScreen:
                    description: 'LogSeverityScreen is the log severity above which
                      logs are sent to the stdout. [Default: Info]'
                    type: string
                required:
                - controllers
                type: object
            type: object
        type: object
    served: true
    storage: true

---
# Source: calico/templates/rbac.yaml

# Include a clusterrole for the kube-controllers component,
# and bind it to the calico-kube-controllers serviceaccount.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: calico-kube-controllers
rules:
  # Nodes are watched to monitor for deletions.
  - apiGroups: [""]
    resources:
      - nodes
    verbs:
      - watch
      - list
      - get
  # Pods are queried to check for existence.
  - apiGroups: [""]
    resources:
      - pods
    verbs:
      - get
  # IPAM resources are manipulated when nodes are deleted.
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - ippools
    verbs:
      - list
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - blockaffinities
      - ipamblocks
      - ipamhandles
      - hostendpoints
    verbs:
      - get
      - list
      - create
      - update
      - delete
  # Needs access to update clusterinformations.
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - clusterinformations
      - kubecontrollersconfigurations
    verbs:
      - get
      - create
      - update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: calico-kube-controllers
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: calico-kube-controllers
subjects:
- kind: ServiceAccount
  name: calico-kube-controllers
  namespace: kube-system

---
# Include a clusterrole for the calico-node DaemonSet,
# and bind it to the calico-node serviceaccount.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: calico-node
rules:
  # The CNI plugin needs to get pods, nodes, and namespaces.
  - apiGroups: [""]
    resources:
      - pods
      - nodes
      - namespaces
      - configmaps
    verbs:
      - get
  - apiGroups: [""]
    resources:
      - endpoints
      - services
    verbs:
      # Used to discover service IPs for advertisement.
      - watch
      - list
      # Used to discover Typhas.
      - get
  - apiGroups: [""]
    resources:
      - nodes/status
    verbs:
      # Needed for clearing NodeNetworkUnavailable flag.
      - patch
      # Calico stores some configuration information in node annotations.
      - update
  # Watch for changes to Kubernetes NetworkPolicies.
  - apiGroups: ["networking.k8s.io"]
    resources:
      - networkpolicies
    verbs:
      - watch
      - list
  # Used by Calico for policy information.
  - apiGroups: [""]
    resources:
      - pods
      - namespaces
      - serviceaccounts
    verbs:
      - list
      - watch
  # The CNI plugin patches pods/status.
  - apiGroups: [""]
    resources:
      - pods/status
    verbs:
      - patch
  # Calico monitors various CRDs for config.
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - globalfelixconfigs
      - felixconfigurations
      - bgppeers
      - globalbgpconfigs
      - bgpconfigurations
      - ippools
      - ipamblocks
      - globalnetworkpolicies
      - globalnetworksets
      - networkpolicies
      - networksets
      - clusterinformations
      - hostendpoints
    verbs:
      - get
      - list
      - watch
  # Calico must create and update some CRDs on startup.
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - ippools
      - felixconfigurations
      - clusterinformations
    verbs:
      - create
      - update
  # Calico stores some configuration information on the node.
  - apiGroups: [""]
    resources:
      - nodes
    verbs:
      - get
      - list
      - watch
  # These permissions are only required for upgrade from v2.6, and can
  # be removed after upgrade or on fresh installations.
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - bgpconfigurations
      - bgppeers
    verbs:
      - create
      - update
  # These permissions are required for Calico CNI to perform IPAM allocations.
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - blockaffinities
      - ipamblocks
      - ipamhandles
    verbs:
      - get
      - list
      - create
      - update
      - delete
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - ipamconfigs
    verbs:
      - get
  # Block affinities must also be watchable by confd for route aggregation.
  - apiGroups: ["crd.projectcalico.org"]
    resources:
      - blockaffinities
    verbs:
      - watch
  # The Calico IPAM migration needs to get daemonsets. These permissions can be
  # removed if not upgrading from an installation using host-local IPAM.
  - apiGroups: ["apps"]
    resources:
      - daemonsets
    verbs:
      - get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: calico-node
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: calico-node
subjects:
- kind: ServiceAccount
  name: calico-node
  namespace: kube-system

---
# Source: calico/templates/calico-node.yaml
# This manifest installs the calico-node container, as well
# as the CNI plugins and network config on
# each master and worker node in a Kubernetes cluster.
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: calico-node
  namespace: kube-system
  labels:
    k8s-app: calico-node
spec:
  selector:
    matchLabels:
      k8s-app: calico-node
  updateStrategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  template:
    metadata:
      labels:
        k8s-app: calico-node
      annotations:
        # This, along with the CriticalAddonsOnly toleration below,
        # marks the pod as a critical add-on, ensuring it gets
        # priority scheduling and that its resources are reserved
        # if it ever gets evicted.
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      nodeSelector:
        beta.kubernetes.io/os: linux
      hostNetwork: true
      tolerations:
        # Make sure calico-node gets scheduled on all nodes.
        - effect: NoSchedule
          operator: Exists
        # Mark the pod as a critical add-on for rescheduling.
        - key: CriticalAddonsOnly
          operator: Exists
        - effect: NoExecute
          operator: Exists
      serviceAccountName: calico-node
      # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
      # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
      terminationGracePeriodSeconds: 0
      priorityClassName: system-node-critical
      initContainers:
        # This container performs upgrade from host-local IPAM to calico-ipam.
        # It can be deleted if this is a fresh installation, or if you have already
        # upgraded to use calico-ipam.
        - name: upgrade-ipam
          image: registry:5000/calico/cni:v3.15.1
          command: ["/opt/cni/bin/calico-ipam", "-upgrade"]
          env:
            - name: KUBERNETES_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            - name: CALICO_NETWORKING_BACKEND
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: calico_backend
          volumeMounts:
            - mountPath: /var/lib/cni/networks
              name: host-local-net-dir
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
          securityContext:
            privileged: true
        # This container installs the CNI binaries
        # and CNI network config file on each node.
        - name: install-cni
          image: registry:5000/calico/cni:v3.15.1
          command: ["/install-cni.sh"]
          env:
            # Name of the CNI config file to create.
            - name: CNI_CONF_NAME
              value: "10-calico.conflist"
            # The CNI network config to install on each node.
            - name: CNI_NETWORK_CONFIG
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: cni_network_config
            # Set the hostname based on the k8s node name.
            - name: KUBERNETES_NODE_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # CNI MTU Config variable
            - name: CNI_MTU
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: veth_mtu
            # Prevents the container from sleeping forever.
            - name: SLEEP
              value: "false"
          volumeMounts:
            - mountPath: /host/opt/cni/bin
              name: cni-bin-dir
            - mountPath: /host/etc/cni/net.d
              name: cni-net-dir
          securityContext:
            privileged: true
        # Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes
        # to communicate with Felix over the Policy Sync API.
        - name: flexvol-driver
          image: registry:5000/calico/pod2daemon-flexvol:v3.15.1
          volumeMounts:
            - name: flexvol-driver-host
              mountPath: /host/driver
          securityContext:
            privileged: true
      containers:
        # Runs calico-node container on each Kubernetes node. This
        # container programs network policy and routes on each
        # host.
        - name: calico-node
          image: registry:5000/calico/node:v3.15.1
          env:
            # Use Kubernetes API as the backing datastore.
            - name: DATASTORE_TYPE
              value: "kubernetes"
            # Wait for the datastore.
            - name: WAIT_FOR_DATASTORE
              value: "true"
            # Set based on the k8s node name.
            - name: NODENAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # Choose the backend to use.
            - name: CALICO_NETWORKING_BACKEND
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: calico_backend
            # Cluster type to identify the deployment type
            - name: CLUSTER_TYPE
              value: "k8s,bgp"
            # Auto-detect the BGP IP address.
            - name: IP
              value: "autodetect"
            # Enable IPIP
            - name: CALICO_IPV4POOL_IPIP
              value: "Always"
            # Set MTU for tunnel device used if ipip is enabled
            - name: FELIX_IPINIPMTU
              valueFrom:
                configMapKeyRef:
                  name: calico-config
                  key: veth_mtu
            # The default IPv4 pool to create on startup if none exists. Pod IPs will be
            # chosen from this range. Changing this value after installation will have
            # no effect. This should fall within --cluster-cidr.
            - name: CALICO_IPV4POOL_CIDR
              value: "192.168.0.0/16"
            # Disable file logging so kubectl logs works.
            - name: CALICO_DISABLE_FILE_LOGGING
              value: "true"
            # Set Felix endpoint to host default action to ACCEPT.
            - name: FELIX_DEFAULTENDPOINTTOHOSTACTION
              value: "ACCEPT"
            # Disable IPv6 on Kubernetes.
            - name: FELIX_IPV6SUPPORT
              value: "false"
            # Set Felix logging to "info"
            - name: FELIX_LOGSEVERITYSCREEN
              value: "info"
            - name: FELIX_HEALTHENABLED
              value: "true"
          securityContext:
            privileged: true
          resources:
            requests:
              cpu: 250m
          livenessProbe:
            exec:
              command:
                - /bin/calico-node
                - -felix-live
                - -bird-live
            periodSeconds: 10
            initialDelaySeconds: 10
            failureThreshold: 6
          readinessProbe:
            exec:
              command:
                - /bin/calico-node
                - -bird-ready
                - -felix-ready
            periodSeconds: 10
          volumeMounts:
            - mountPath: /lib/modules
              name: lib-modules
              readOnly: true
            - mountPath: /run/xtables.lock
              name: xtables-lock
              readOnly: false
            - mountPath: /var/run/calico
              name: var-run-calico
              readOnly: false
            - mountPath: /var/lib/calico
              name: var-lib-calico
              readOnly: false
            - name: policysync
              mountPath: /var/run/nodeagent
      volumes:
        # Used by calico-node.
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: var-run-calico
          hostPath:
            path: /var/run/calico
        - name: var-lib-calico
          hostPath:
            path: /var/lib/calico
        - name: xtables-lock
          hostPath:
            path: /run/xtables.lock
            type: FileOrCreate
        # Used to install CNI.
        - name: cni-bin-dir
          hostPath:
            path: /opt/cni/bin
        - name: cni-net-dir
          hostPath:
            path: /etc/cni/net.d
        # Mount in the directory for host-local IPAM allocations. This is
        # used when upgrading from host-local to calico-ipam, and can be removed
        # if not using the upgrade-ipam init container.
        - name: host-local-net-dir
          hostPath:
            path: /var/lib/cni/networks
        # Used to create per-pod Unix Domain Sockets
        - name: policysync
          hostPath:
            type: DirectoryOrCreate
            path: /var/run/nodeagent
        # Used to install Flex Volume Driver
        - name: flexvol-driver-host
          hostPath:
            type: DirectoryOrCreate
            path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: calico-node
  namespace: kube-system


---
# Source: calico/templates/calico-kube-controllers.yaml
# See https://github.com/projectcalico/kube-controllers
apiVersion: apps/v1
kind: Deployment
metadata:
  name: calico-kube-controllers
  namespace: kube-system
  labels:
    k8s-app: calico-kube-controllers
spec:
  # The controllers can only have a single active instance.
  replicas: 1
  selector:
    matchLabels:
      k8s-app: calico-kube-controllers
  strategy:
    type: Recreate
  template:
    metadata:
      name: calico-kube-controllers
      namespace: kube-system
      labels:
        k8s-app: calico-kube-controllers
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      nodeSelector:
        beta.kubernetes.io/os: linux
      tolerations:
        # Mark the pod as a critical add-on for rescheduling.
        - key: CriticalAddonsOnly
          operator: Exists
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      serviceAccountName: calico-kube-controllers
      priorityClassName: system-cluster-critical
      containers:
        - name: calico-kube-controllers
          image: registry:5000/calico/kube-controllers:v3.15.1
          env:
            # Choose which controllers to run.
            - name: ENABLED_CONTROLLERS
              value: node
            - name: DATASTORE_TYPE
              value: kubernetes
          readinessProbe:
            exec:
              command:
                - /usr/bin/check-status
                - -r
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: calico-kube-controllers
  namespace: kube-system
---
# Source: calico/templates/calico-etcd-secrets.yaml
---
# Source: calico/templates/calico-typha.yaml
---
# Source: calico/templates/configure-canal.yaml

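Configure the Calico network for the k8s cluster in data center A

Switch kubectl to the adm@kube-dca context, i.e. the cluster whose master node is 1x2.2x.2x7.5:

kubectl config --kubeconfig=/data/pxd/config-mdc use-context adm@kube-dca

After switching, check that the nodes listed belong to the cluster you intend to configure:

kubectl get nodes -o wide

kubectl apply -f calico_v3.15.1.yaml

Check whether the calico containers have been created:

kubectl -n kube-system get pods -o wide

Wait for the containers to reach the Running state, then check that all Kubernetes nodes are "Ready":

kubectl get nodes -o wide

Configure the Calico network for the k8s cluster in data center B

Switch kubectl to the adm@kube-dcb context, i.e. the cluster whose master node is 1x2.2x.2x7.6:

kubectl config use-context adm@kube-dcb

After switching, check that the nodes listed belong to the cluster you intend to configure:

kubectl get nodes -o wide

Repeat the steps used for cluster A above to complete the Calico network configuration of cluster B.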
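
Before calico_v3.15.1.yaml is applied to either cluster, it is useful to list the host-level access the manifest asks for: hostNetwork, privileged containers and hostPath mounts. The script below is an added example, not part of the original post or of Calico; audit_manifest and sample_manifest are names chosen here, and the sample is a constructed, abridged excerpt of the calico-node DaemonSet.

```shell
#!/bin/sh
# Added example, not part of Calico: list the host-level access that a
# (correctly indented) manifest requests. One finding per line:
#   hostNetwork <kind>/<name>
#   privileged  <kind>/<name> <container>
#   hostPath    <kind>/<name> <path>
audit_manifest() {
  awk '
    BEGIN             { clist = item = hp = -1 }
    /^---/            { kind = name = ctr = ""; clist = item = hp = -1; next }
    /^ *#/ || /^ *$/  { next }
    /^kind:/          { kind = $2 }
    /^  name:/ && name == "" { name = $2 }        # metadata.name
    { n = match($0, /[^ ]/) - 1 }                 # indentation of this line
    clist >= 0 && n <= clist { clist = item = -1; ctr = "" }
    hp >= 0 && n <= hp       { hp = -1 }
    /^ *(initContainers|containers):/ { clist = n; next }
    clist >= 0 && /^ *- / {
      if (item < 0) item = n                      # indent of container items
      if (n == item) ctr = ($2 == "name:") ? $3 : "?"
    }
    /^ *hostNetwork: *true/ { print "hostNetwork " kind "/" name }
    /^ *privileged: *true/  { print "privileged  " kind "/" name " " ctr }
    /^ *hostPath:/          { hp = n; next }
    hp >= 0 && /^ *path:/   { print "hostPath    " kind "/" name " " $2 }
  ' "$@"
}

# Constructed sample: abridged excerpt of the calico-node DaemonSet.
sample_manifest() {
  cat <<'EOF'
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: calico-node
  namespace: kube-system
spec:
  template:
    spec:
      hostNetwork: true
      initContainers:
        - name: install-cni
          image: registry:5000/calico/cni:v3.15.1
          env:
            - name: SLEEP
              value: "false"
          securityContext:
            privileged: true
      containers:
        - name: calico-node
          image: registry:5000/calico/node:v3.15.1
          securityContext:
            privileged: true
      volumes:
        - name: cni-bin-dir
          hostPath:
            path: /opt/cni/bin
        - name: policysync
          hostPath:
            type: DirectoryOrCreate
            path: /var/run/nodeagent
EOF
}

sample_manifest | audit_manifest
```

Run against the full file as audit_manifest calico_v3.15.1.yaml and compare the output with what the mirrored images are expected to need.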
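
Deploying PolarDB-X on k8s

Deploy cluster A first

Install the prerequisite tools and start the PolarDB-X cluster containers

Switch to controlling cluster A:

kubectl config use-context adm@kube-dca

kubectl get nodes -o wide

cd /data/pxd/polardbx-install
sh install.sh

Check whether the containers started successfully:

kubectl get pods -n polardbx-operator-system

Deploy PolarDB-X

List the parameter templates:

kubectl get pxpt -A
Returns:
NAMESPACE                  NAME           AGE
polardbx-operator-system   product-57     80m
polardbx-operator-system   product-80     80m
polardbx-operator-system   product-8032   80m
These are the templates available for configuring PolarDB-X. The topology file used later to deploy the cluster must name one of them; PolarDB-X 2.4 uses product-8032.

Edit the cluster topology configuration file:
vi polarx_lite.yaml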
apiVersion: polardbx.aliyun.com/v1
kind: PolarDBXCluster
metadata:
  name: pxc-product
spec:
  # Initial PolarDB-X account and password
  privileges:
  - username: admin
    password: "123456"
    type: SUPER
  # Parameter template; use the production configuration
  parameterTemplate:
    name: product-8032
  # PolarDB-X cluster configuration
  config:
    # CN settings
    cn:
      # Static settings
      static:
        # Use the new RPC protocol
        RPCProtocolVersion: 2
  # PolarDB-X cluster topology
  topology:
    # Cluster deployment rules
    rules:
      # Predefined node selectors
      selectors:
      - name: node-cn
        nodeSelector:
          nodeSelectorTerms:
          - matchExpressions:
            - key: polardbx/node
              operator: In
              values:
              - cn
      - name: node-dn
        nodeSelector:
          nodeSelectorTerms:
          - matchExpressions:
            - key: polardbx/node
              operator: In
              values:
              - dn
      components:
        # DN deployment rules
        dn:
          nodeSets:
          - name: cands
            role: Candidate
            replicas: 2
            selector:
              reference: node-dn
          - name: log
            role: Voter
            replicas: 1
            selector:
              reference: node-dn
        # CN deployment rules
        cn:
        - name: cn
          selector:
            reference: node-cn
    nodes:
      # GMS specification
      gms:
        template:
          # Storage node image
          image: registry:5000/polardbx-engine:v2.4.0_8.4.19
          # Use the host network
          hostNetwork: true
          # Resource specification for gms
          resources:
            requests:
              cpu: 1
              memory: 8Gi
            limits:
              cpu: 2
              memory: 8Gi
      # DN specification
      dn:
        # Number of DNs
        replicas: 3
        template:
          image: registry:5000/polardbx-engine:v2.4.0_8.4.19
          # Use the host network
          hostNetwork: true
          # Resource specification for dn
          resources:
            requests:
              cpu: 1
              memory: 32Gi
            limits:
              cpu: 4
              memory: 32Gi
      # CN specification
      cn:
        # Number of CNs
        replicas: 2
        template:
          image: registry:5000/polardbx-sql:v2.4.0_5.4.19
          # Use the host network
          hostNetwork: true
          resources:
            requests:
              cpu: 2
              memory: 16Gi
            limits:
              cpu: 4
              memory: 16Gi
      cdc:
        # Number of CDC nodes
        replicas: 2
        template:
          image: registry:5000/polardbx-cdc:v2.4.0_5.4.19
          # Use the host network
          hostNetwork: true
          resources:
            requests:
              cpu: 1
              memory: 8Gi
            limits:
              cpu: 2
              memory: 8Gi

Run the following command to copy the product-8032 parameter template into the default namespace:
kubectl get pxpt product-8032 -n polardbx-operator-system -o json | jq '.metadata.namespace = "default"' | kubectl apply -f -
Run the following command to deploy the PolarDB-X database on the Kubernetes cluster:

kubectl create -f polarx_lite.yaml

Check the Pod status until all containers show "Running":

kubectl get pods

Confirm the PolarDB-X database status with:

kubectl get pxc pxc-product
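
The topology file creates a SUPER account from spec.privileges, and that account is what clients log in with once the service is reachable from outside the cluster. The pre-flight check below is an added example, not PolarDB-X tooling; check_privileges, gen_password, sample_topology and the MIN_LEN threshold are assumptions of this example, and the sample file is constructed from the privileges block shown above.

```shell
#!/bin/sh
# Added example, not PolarDB-X tooling: check the accounts under
# spec.privileges of a PolarDBXCluster file before `kubectl create -f`.
# MIN_LEN and the digits-only rule are assumptions of this example.
MIN_LEN=12

# check_privileges [FILE]: prints "WEAK <username> <reason>" per finding;
# returns 1 if any account fails the check, 0 otherwise.
check_privileges() {
  awk -v min="$MIN_LEN" -v sq="'" '
    function report() {
      if (user == "") return
      if (length(pw) < min)     { print "WEAK " user " shorter-than-" min; bad = 1 }
      else if (pw ~ /^[0-9]+$/) { print "WEAK " user " digits-only"; bad = 1 }
      user = pw = ""
    }
    function val(s,  c) {                    # value after "key:", unquoted
      sub(/^[^:]*: */, "", s); sub(/ +$/, "", s)
      c = substr(s, 1, 1)
      if ((c == "\"" || c == sq) && substr(s, length(s)) == c)
        s = substr(s, 2, length(s) - 2)
      return s
    }
    /^ *#/ || /^ *$/ { next }
    { n = match($0, /[^ ]/) - 1 }            # indentation of this line
    inpriv && n <= base && $0 !~ /^ *- / { report(); inpriv = 0 }
    /^ *privileges:/      { inpriv = 1; base = n; next }
    inpriv && /^ *- /     { report() }       # next list entry starts
    inpriv && /username:/ { user = val($0) }
    inpriv && /password:/ { pw = val($0) }
    END { report(); exit bad + 0 }
  ' "$@"
}

# gen_password: 32 hex characters (128 bits) read from /dev/urandom.
gen_password() { head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'; }

# Constructed sample: the privileges block of polarx_lite.yaml, with the
# password taken from $1.
sample_topology() {
  cat <<EOF
apiVersion: polardbx.aliyun.com/v1
kind: PolarDBXCluster
metadata:
  name: pxc-product
spec:
  privileges:
  - username: admin
    password: "$1"
    type: SUPER
  parameterTemplate:
    name: product-8032
EOF
}

sample_topology 123456 | check_privileges || echo "fix the accounts above first"
sample_topology "$(gen_password)" | check_privileges && echo "privileges ok"
```

When connecting afterwards, giving mysql the -p option without a value makes the client prompt for the password, which keeps it out of shell history and process listings.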

Adjust the container distribution

vi rebalance.yaml
apiVersion: polardbx.aliyun.com/v1
kind: SystemTask
metadata:
  name: rbsystemtask
spec:
  taskType: "BalanceResource"

Create the Rebalance task:

kubectl apply -f rebalance.yaml

Watch the task status:

kubectl get SystemTask -w

When the task status shows Success, the automatic rebalancing task has finished.

Check whether the pods are evenly distributed:

kubectl get pods -o wide
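
Switch the access method

Inside the Kubernetes cluster, PolarDB-X normally provides service through a Cluster-IP. Servers outside the Kubernetes cluster cannot reach a Cluster-IP, so the PolarDB-X configuration has to be changed to provide service through NodePort. Run:

kubectl edit svc pxc-product

This opens the YAML in an editor. Change spec: type: ClusterIP to NodePort, then save and exit.

kubectl get svc pxc-product
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
pxc-product NodePort 10.109.12.187 3306:32402/TCP,8081:30698/TCP 43h
mysql -h 1x2.2x.2x7.11 -P32402 -u admin -p123456 -Ac

kubectl edit pxc pxc-product
This opens the YAML in an editor. Change serviceType: ClusterIP to NodePort, then save and exit, so that the service mode recorded in the metadata matches the service.

Then deploy cluster B. Switch to controlling cluster B:

kubectl config use-context adm@kube-dcb

kubectl get nodes -o wide

Repeat the deployment steps above to complete the deployment of cluster B.

Parameter tuning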
set ENABLE_SET_GLOBAL = true;
set global RECORD_SQL=false;
set global MPP_METRIC_LEVEL=0;
set global ENABLE_CPU_PROFILE=false;
set global ENABLE_BACKGROUND_STATISTIC_COLLECTION=false;
set global ENABLE_STATISTIC_FEEDBACK=false;
set global ENABLE_DEADLOCK_DETECTION=false;
set global ENABLE_TRANS_LOG=false;
set global GROUP_PARALLELISM=1;
set global CONN_POOL_MAX_POOL_SIZE=3000;
set global ENABLE_STATEMENTS_SUMMARY=false;
set global ENABLE_AUTO_SAVEPOINT=false;
set global INNODB_ADAPTIVE_HASH_INDEX=off;
set global TABLE_OPEN_CACHE = 60000;
set global SHARE_READ_VIEW = false;
set global CONN_POOL_XPROTO_XPLAN = true;
set global NEW_SEQ_GROUPING_TIMEOUT=30000;
set global XPROTO_MAX_DN_WAIT_CONNECTION=3072000;
set global XPROTO_MAX_DN_CONCURRENT=3072000;

View the administrator account

eval pxc=pxc-product;eval user=$(kubectl get secret $pxc -o jsonpath={.data} | jq 'keys[0]'); echo "User: $user"; kubectl get secret $pxc -o jsonpath="{.data['$user']}" | base64 -d - | xargs echo "Password:"

Outstanding issues:

V2.0:

The monitoring and log collection components did not start properly.

polardbx-logcollector filebeat-77qjk 0/1 ImagePullBackOff 0 24d
polardbx-logcollector filebeat-hkwdk 0/1 ImagePullBackOff 0 24d
polardbx-logcollector filebeat-zh6n9 0/1 ImagePullBackOff 0 24d
polardbx-logcollector logstash-58667b7d4-jkff8 1/1 Running 0 24d
polardbx-monitor grafana-55569cfd68-xcttq 0/1 ImagePullBackOff 0 24d
polardbx-monitor kube-state-metrics-658d95ff68-8sc4g 3/3 Running 0 24d
polardbx-monitor node-exporter-jh7jb 1/2 CrashLoopBackOff 12535 24d
polardbx-monitor node-exporter-lrc9v 0/2 CrashLoopBackOff 12529 24d
polardbx-monitor node-exporter-vf7sx 0/2 CrashLoopBackOff 12529 24d
polardbx-monitor node-exporter-x6t45 0/2 CrashLoopBackOff 12569 24d

For filebeat and grafana, the versions given in image.list were wrong; re-downloading the correct versions resolved it.

The polardbx-monitor node-exporter pods failed to start because port 9100 conflicts with the monitoring port already in use on the host; changing the port number resolved it.

View:

kubectl get ds -n polardbx-monitor

Edit:

kubectl edit ds node-exporter -n polardbx-monitor

Change every 9100 to 9111, then save and exit.

V2.4.0:
pxd download --env k8s --arch amd64 --repo "registry:5000" --dest /data/pxd/ -i images.list

This image download step fails because the new polardbx/polardbx-engine image is too large.

During install, the component tag is wrong, which causes the related pods to fail to start.

vi /data/pxd/polardbx-install/helm/operator-values.yaml

Modify imageTag: v1.6.0, then install the operator manually with helm:

chmod +x /data/pxd/polardbx-install/helm/bin/helm

/data/pxd/polardbx-install/helm/bin/helm upgrade --install --create-namespace --namespace polardbx-operator-system polardbx-operator /data/pxd/polardbx-install/helm/polardbx-operator-1.6.1.tgz -f /data/pxd/polardbx-install/helm/operator-values.yaml

Parameters set with set global do not take effect permanently.

kc get xstore to find the primary node
Connect to the gms pod:

kubectl exec -it pxc-product-b8m6-gms-cand-0 -- /bin/bash

myc
use polardbx_meta_db;
update user_priv set account_type=5 where user_name='admin';
update config_listener set op_version = op_version + 1 where data_id = 'polardbx.privilege.info';
