k8s模式部署PolarDB-X

当前文档适配PolarDB-X V2.4.0 版本
环境描述：

部署机（ops）1x2.2x.2x8.116，部署机需要可以访问互联网。使用ansible进行部署，自行安装ansible。需要部署两个k8s集群，分别在其上安装一个polardb-x集群。

在这里插入图片描述

部署步骤：
环境准备：
BIOS 设置

k8s集群的全部机器均需设置，不同类型 CPU 平台及服务器厂商的 BIOS 设置界面有较大区别。在部署数据库前，建议参考服务器厂商文档，检查以下 BIOS 参数是否设置正确：
在这里插入图片描述

安装ansible

登陆部署机
ssh 1x2.2x.2x8.116
yum install ansible python-netaddr -y
建立ansible配置文件
vi $HOME/all.ini

[all]
1x2.2x.2x8.116  # ops[k1]
1x2.2x.2x7.6 ansible_ssh_port=22
1x2.2x.2x7.7 ansible_ssh_port=22
1x2.2x.2x7.8 ansible_ssh_port=22
1x2.2x.2x7.9 ansible_ssh_port=22
[k2]
1x2.2x.2x7.5 ansible_ssh_port=22
1x2.2x.2x7.10 ansible_ssh_port=22
1x2.2x.2x7.11 ansible_ssh_port=22
1x2.2x.2x7.12 ansible_ssh_port=22[all:vars]
registry=1x2.2x.2x8.116

配置文件路径放入环境变量：

export ini_file=$HOME/all.ini
服务器免密

打通 ops 与所有服务器的免密登录：

生成 ssh 密钥

ssh-keygen -q -t rsa -N ‘’ -f ~/.ssh/id_rsa <<<y

自动添加 known_hosts

echo “StrictHostKeyChecking no” >> /etc/ssh/ssh_config

打通 ssh 免密, ini_file 指定上述服务器列表

ansible -i ${ini_file} all -m authorized_key -a " user=root key="{{ lookup(‘file’, ‘/root/.ssh/id_rsa.pub’) }} " " -u root --become-method=sudo --ask-become-pass --become -k
配置系统参数
配置时区/时钟

批量设置服务器时区，时钟。如果是生产环境部署，建议配置 NTP 服务以保证服务器时钟保持同步

ansible -i ${ini_file} all -m shell -a " timedatectl set-timezone Asia/Shanghai "
ansible -i ${ini_file} all -m shell -a " date -s ‘date '+%Y-%m-%d %H:%M:%S'’ "

完成后，用以下命令检查服务器时钟：

ansible -i ${ini_file} all -m shell -a " date ‘+%D %T.%6N’ "
配置 /etc/hosts

如果需安装私有 Docker 镜像仓库，需要修改服务器 /etc/hosts 文件，加入 registry 域名（本预研环境docker仓库就部署在116上）：

ansible -i ${ini_file} all -m shell -a " sed -i ‘/registry/d’ /etc/hosts "
ansible -i ${ini_file} all -m shell -a " echo ‘1x2.2x.2x8.116 registry’ >> /etc/hosts "
配置 sysctl.conf

vi $HOME/sysctl.conf
vm.swappiness = 0
net.ipv4.neigh.default.gc_stale_time=120

see details in https://help.aliyun.com/knowledge_detail/39428.html

net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce=2

see details in https://help.aliyun.com/knowledge_detail/41334.html

net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1

kernel.sysrq=1

net.core.somaxconn = 256
net.core.wmem_max = 262144

net.ipv4.tcp_keepalive_time = 20
net.ipv4.tcp_keepalive_probes = 60
net.ipv4.tcp_keepalive_intvl = 3

net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_fin_timeout = 15

#perf
kernel.perf_event_paranoid = 1

fs.aio-max-nr = 1048576

更新服务器 sysctl.conf 配置文件：

ansible -i ${ini_file} all -m synchronize -a " src=$ HOME/sysctl.conf dest=/etc/sysctl.conf "

在服务器上加载最新配置：

ansible -i ${ini_file} all -m shell -a " sysctl -p /etc/sysctl.conf "
关闭防火墙

ansible -i ${ini_file} all -m shell -a " systemctl disable firewalld "
ansible -i ${ini_file} all -m shell -a " systemctl stop firewalld "
禁用 SELinux

vi $HOME/selinux

This file controls the state of SELinux on the system.

SELINUX= can take one of these three values:

enforcing - SELinux security policy is enforced.

permissive - SELinux prints warnings instead of enforcing.

disabled - No SELinux policy is loaded.

#SELINUX=enforcing
SELINUX=disabled

SELINUXTYPE= can take one of three values:

targeted - Targeted processes are protected,

minimum - Modification of targeted policy. Only selected processes are protected.

mls - Multi Level Security protection.

SELINUXTYPE=targeted

ansible -i ${ini_file} all -m synchronize -a " src=$ HOME/selinux dest=/etc/selinux/config "

ansible -i ${ini_file} all -m shell -a " setenforce 0 "
禁用交换分区

ansible -i ${ini_file} all -m shell -a " swapoff -a "
ansible -i ${ini_file} all -m shell -a " sed -i ‘/=SWAP/d’ /etc/fstab "

配置K8s 部署对应目录的软链接
ansible -i ${ini_file} all -m shell -a " mkdir -p /data/polarx/kubelet"
ansible -i ${ini_file} all -m shell -a " ln -s /data/polarx/kubelet /var/lib/kubelet "
ansible -i ${ini_file} all -m shell -a " mkdir -p /data/polarx/docker "
ansible -i ${ini_file} all -m shell -a " ln -s /data/polarx/docker /var/lib/docker "
ansible -i ${ini_file} all -m shell -a " mkdir -p /data/polarx/data-log "
ansible -i ${ini_file} all -m shell -a " ln -s /data/polarx/data-log /data-log "
ansible -i ${ini_file} all -m shell -a " mkdir -p /data/polarx/filestream "
ansible -i ${ini_file} all -m shell -a " ln -s /data/polarx/filestream /filestream "
安装常用工具

ansible -i ${ini_file} all -m shell -a " yum install mysql -y "
ansible -i ${ini_file} all -m shell -a " yum install dstat iostat htop -y "

配置docker私有仓库

所有k8s相关节点安装docker

ansible -i ${ini_file} all -m shell -a " yum install docker-ce -y "
启动服务

使用私有 Dokcer 镜像仓库，要求在 daemon.json 加入以下配置：

cat > $HOME/daemon.json<< EOF

{
“exec-opts”: [“native.cgroupdriver=systemd”],
“insecure-registries”: [“registry:5000”]
}

EOF

ansible -i ${ini_file} all -m shell -a " mkdir /etc/docker "
ansible -i ${ini_file} all -m synchronize -a " src=$ HOME/daemon.json dest=/etc/docker/daemon.json " -u root

ansible -i ${ini_file} all -m shell -a " systemctl daemon-reload "

ansible -i ${ini_file} all -m shell -a " systemctl enable docker "
ansible -i ${ini_file} all -m shell -a " systemctl restart docker "

ansible -i ${ini_file} all -m shell -a " docker ps -a "
启动镜像仓库

只需要在一台服务器上运行私有镜像仓库，通常我们选择在部署机（ops）上启动镜像仓库。部署方法非常简单，只需要 3 个步骤：

首先，下载 Docker 镜像仓库的容器镜像：

docker pull registry
运行以下命令创建 Docker 容器：

docker run -d --net=host -p 5000:5000 --restart=always --name registry registry
检查镜像仓库的 Docker 容器是否正常运行：

docker ps
部署工具下载和仓库镜像配置
安装pxd工具

yum update -y
yum install -y python3

python3 -m venv venv
source venv/bin/activate
pip install --upgrade pip
pip install -i https://mirrors.aliyun.com/pypi/simple/ --upgrade pxd

pxd version
配置部署工具和PolarDB-X 相关 Docker 镜像

mkdir /data/pxd
cd /data/pxd
vi images.list

polardbx/polardbx-sql:v2.4.0_5.4.19
polardbx/polardbx-engine:v2.4.0_8.4.19
polardbx/polardbx-cdc:v2.4.0_5.4.19
polardbx/polardbx-columnar:v2.4.0_5.4.19
polardbx/polardbx-operator:v1.6.0
polardbx/polardbx-exporter:v1.6.0
polardbx/polardbx-hpfs:v1.6.0
polardbx/polardbx-init:v1.6.0
polardbx/polardbx-clinic:v1.6.0
polardbx/xstore-tools:v1.6.0
polardbx/probe-proxy:v1.6.0
prom/mysqld-exporter:master
quay.io/prometheus/prometheus:v2.22.1
quay.io/prometheus/alertmanager:v0.21.0
quay.io/brancz/kube-rbac-proxy:v0.8.0
quay.io/prometheus/node-exporter:v1.0.1
quay.io/prometheus-operator/prometheus-operator:v0.44.1
quay.io/prometheus-operator/prometheus-config-reloader:v0.44.1
grafana/grafana:8.5.27
kubesphere/kube-state-metrics:v2.3.0
directxman12/k8s-prometheus-adapter:v0.8.2
polardbx/polardbx-logstash:latest
docker.elastic.co/beats/filebeat:8.9.0

执行下面命令保证images.list更新到最新

curl -s “https://polardbx-opensource.oss-cn-hangzhou.aliyuncs.com/scripts/get-version.sh” | sh
pxd download --env k8s --arch amd64 --repo “registry:5000” --dest /data/pxd/ -i images.list

配置k8s相关镜像

docker pull registry.aliyuncs.com/google_containers/kube-apiserver:v1.21.0
docker pull registry.aliyuncs.com/google_containers/kube-proxy:v1.21.0
docker pull registry.aliyuncs.com/google_containers/coredns:v1.8.0
docker pull registry.aliyuncs.com/google_containers/etcd:3.4.13-0
docker pull registry.aliyuncs.com/google_containers/kube-controller-manager:v1.21.0
docker pull registry.aliyuncs.com/google_containers/kube-scheduler:v1.21.0
docker pull registry.aliyuncs.com/google_containers/pause:3.4.1
docker pull docker.io/calico/cni:v3.15.1
docker pull docker.io/calico/pod2daemon-flexvol:v3.15.1
docker pull docker.io/calico/node:v3.15.1
docker pull docker.io/calico/kube-controllers:v3.15.1
docker tag registry.aliyuncs.com/google_containers/kube-apiserver:v1.21.0 registry:5000/kube-apiserver:v1.21.0
docker tag registry.aliyuncs.com/google_containers/kube-proxy:v1.21.0 registry:5000/kube-proxy:v1.21.0
docker tag registry.aliyuncs.com/google_containers/coredns:v1.8.0 registry:5000/coredns/coredns:v1.8.0
docker tag registry.aliyuncs.com/google_containers/etcd:3.4.13-0 registry:5000/etcd:3.4.13-0
docker tag registry.aliyuncs.com/google_containers/kube-controller-manager:v1.21.0 registry:5000/kube-controller-manager:v1.21.0
docker tag registry.aliyuncs.com/google_containers/kube-scheduler:v1.21.0 registry:5000/kube-scheduler:v1.21.0
docker tag registry.aliyuncs.com/google_containers/pause:3.4.1 registry:5000/pause:3.4.1
docker tag docker.io/calico/cni:v3.15.1 registry:5000/calico/cni:v3.15.1
docker tag docker.io/calico/pod2daemon-flexvol:v3.15.1 registry:5000/calico/pod2daemon-flexvol:v3.15.1
docker tag docker.io/calico/node:v3.15.1 registry:5000/calico/node:v3.15.1
docker tag docker.io/calico/kube-controllers:v3.15.1 registry:5000/calico/kube-controllers:v3.15.1
docker push registry:5000/kube-apiserver:v1.21.0
docker push registry:5000/kube-proxy:v1.21.0
docker push registry:5000/coredns/coredns:v1.8.0
docker push registry:5000/etcd:3.4.13-0 
docker push registry:5000/kube-controller-manager:v1.21.0
docker push registry:5000/kube-scheduler:v1.21.0
docker push registry:5000/pause:3.4.1
docker push registry:5000/calico/node:v3.15.1
docker push registry:5000/calico/pod2daemon-flexvol:v3.15.1
docker push registry:5000/calico/cni:v3.15.1
docker push registry:5000/calico/kube-controllers:v3.15.1

安装k8s

在部署机（ops）上编辑 kubernetes.repo 配置文件：

vi $HOME/kubernetes.repo

[kubernetes]
name=Kubernetes
baseurl=https://mirrors.aliyun.com/kubernetes/yum/repos/kubernetes-el7-x86_64/
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://mirrors.aliyun.com/kubernetes/yum/doc/yum-key.gpg https://mirrors.aliyun.com/kubernetes/yum/doc/rpm-package-key.gpg

ansible -i ${ini_file} all -m synchronize -a " src=$ HOME/kubernetes.repo dest=/etc/yum.repos.d/ " -u root
服务部署

ansible -i ${ini_file} all -m shell -a " yum install --nogpgcheck -y kubelet-1.21.0 kubeadm-1.21.0 kubectl-1.21.0 "
启动主节点

登录规划的主节点

模拟数据中心A环境在253.5部署，模拟数据中心B环境在253.6部署

ssh 1x2.21.253.5

kubeadm init --image-repository=registry:5000 --kubernetes-version=v1.21.0 --pod-network-cidr=10.244.0.0/16 --v=5

253.6同上执行

253.5成功后结尾输出如下：

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(i d - u) :$ (id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run “kubectl apply -f [podnetwork].yaml” with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 1x2.2x.2x7.5:6443 --token ex75w9.xlbgj61avvywq2yp
–discovery-token-ca-cert-hash sha256:302744a4fa996a95f6f64406efbeb29b4da7feb03ce8d02c8c8e2bba01b9dad4

253.6成功后结尾输出如下：

Your Kubernetes control-plane has initialized successfully!

To start using your cluster, you need to run the following as a regular user:

mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(i d - u) :$ (id -g) $HOME/.kube/config

Alternatively, if you are the root user, you can run:

export KUBECONFIG=/etc/kubernetes/admin.conf

You should now deploy a pod network to the cluster.
Run “kubectl apply -f [podnetwork].yaml” with one of the options listed at:
https://kubernetes.io/docs/concepts/cluster-administration/addons/

Then you can join any number of worker nodes by running the following on each as root:

kubeadm join 1x2.2x.2x7.6:6443 --token 9yywt3.59cfgnaxw6xp0wzl
–discovery-token-ca-cert-hash sha256:13705e50c00591ce1838478dbc43ceb04ddb18dd2703d308bc10648766ca1685
加入工作节点

模拟数据中心A登陆工作节点(此步骤中心内逐个工作节点均需要执行)

ssh 1x2.2x.2x7.10

kubeadm join 1x2.2x.2x7.5:6443 --token ex75w9.xlbgj61avvywq2yp
–discovery-token-ca-cert-hash sha256:302744a4fa996a95f6f64406efbeb29b4da7feb03ce8d02c8c8e2bba01b9dad4

模拟数据中心B登陆工作节点(此步骤中心内逐个工作节点均需要执行)

ssh 1x2.2x.2x7.7

kubeadm join 1x2.2x.2x7.6:6443 --token 9yywt3.59cfgnaxw6xp0wzl
–discovery-token-ca-cert-hash sha256:13705e50c00591ce1838478dbc43ceb04ddb18dd2703d308bc10648766ca1685

这个join语句即是初始化主节点时最后输出的语句，如果token过了有效期，可以去主节点重新生成

kubeadm token create
配置 kubectl

在部署机（ops）安装 kubectl 客户端：

ssh 1x2.21.228.116

yum install kubectl-1.21.0 -y

kubectl工具管理k8s集群需要集群的配置文件/etc/kubernetes/admin.conf，为了同时管理模拟数据中心A和B的两个集群将两份文件都拷贝到ops机并文件合并为 /data/pxd/config-mdc，为kubectl自定义该控制文件路径时需要一个环境变量$KUBECONFIG

export KUBECONFIG=“/data/pxd/config-mdc”

scp 1x2.2x.2x7.5:/etc/kubernetes/admin.conf /data/pxd/config-dca

查看文件内容

vi /data/pxd/config-dca
apiVersion: v1
clusters:

cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJME1EVXlOREF6TWpFd01sb1hEVE0wTURVeU1qQXpNakV3TWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTnJXClVnakVWS3o0Q2kybUJBbExqVkRZZmtUWStiQXZuNEdla093M3FtL0xtMjk5b2JBdW5sRVN0eGw5a0xuVHExSXIKNCtNRzhtamM0dlZRcU9wZHp2THF3anZnOHR4aGIrSnFpNTQyWUl3bEdEaTR6OTA5dllDVDliTDlBUWczVkxYZgo2cUpwbDhPSFdTMDBFNUNBTkJSc3E1VlNLMlh0c3dFL3p5NkliTTk3Vjd6N1l5cFRXa0FKdk1XTFowOEFwY0ZYCmp6a0piRjNac0gyQWt0VWhXNDBjaC9wTk9oUTREZFM0S2U4YU5PVFMzT3RhT2xvc2U2R2x0ZWxVbkxBL2x2MUUKOFRnT2YybFVoOHpzRDhlWlkya0FkdjIzZU1ieVF0RlBJbVpBMFJkQUthd0dqcGZ6U0xsZVo5ckJxNlY5b0c5ZQpoeGtKWldEdHpMQU5MVytXelMwQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZCUWluZUFxMm1aNStrVE0zY2gzdysxUVRiYmxNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCM0xrTCtDL2lpaFZIeXpPbUp2cENPTExTVHRDdmE0NDZzWWZVQnZ6OFlJKzVMT1RLSwpjc2xnaWxET1FEUTBFc2ZucUp3M2NtaytNLzhMc2o1VVlBeVp4SVRrbVFIbjdGRGJOdlBuckJrVmF4UGxrRGpiCjg5OGZJS0N6Q2NuN1g3aTFQZVVLMzVSSFZwVU5jSjNka0R3Yk9pUFBYbXJicWw3RU15K0s5eGk5RkY3UjdOTnEKUEVXNkJPQ0JwSEpGZTEwUFRtY1hLa1pkM2JvZHMxQnNHcXpFWG84QmtyYjE0WERqWXN4SUc4UEl3RVM2SlFBKwpuamtlUHpMQS9HblVFZnYvOHMwUDRhN3dPVUYvMkliUVpyZE15YXNxYlczTEFxV3J6V3g1OUVldDlYQmhxbTRwCmdCdlNxdVNwWmFEZGVSc0paeXIwUGpBaTVMZ3hvaG9BV0NORAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
server: https://1x2.2x.2x7.5:6443
name: kubernetes
contexts:
context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
name: kubernetes-admin
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJWXV3WEdDbHF6N3N3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TkRBMU1qUXdNekl4TURKYUZ3MHlOVEExTWpRd016SXhNRFphTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXlMTUdHVVJXdTZnZzBmZjEKcGlxYnFqdXZGWlFOQm9iTlNtd1hpSDdqUkxPdmRrVzNwdkRSR0lmV1lvdGpNUDZydTdjVzRZbDBMeDIycEdodgpiRkhUWFFvUENmUzhOK1lsNEp3TFNqYnNBSDdpMW00NVVNNWZHenJlbHhqTjRHS0sxSVFPR2pwWjRyUkpZOHBZCmhSUExuRXBHWGpyVW0wWXZGYkFseW84bDFWQVZ5WTh6UzlUL0JKY0JvcjE0MHZtNkRXNDFFeEx0N2JRT0lCRGIKbmVtdWxDMFFmV1EzallKRUEvbFpRN0FUZ0tyblIzSGhZS0Z3enFmU2NDK1VyOVlnRWlwODRzODBQN0Q3a1ZZcApBVzdaYW5PZ2duYituaTFJSXlvY0FoTGVOQVRYbE9qaWJEc1RBUG44SS9qZHNmaksyVk82bXk4UkFyZnhsdXlXClVjL2VPUUlEQVFBQm8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JRVUlwM2dLdHBtZWZwRXpOM0lkOFB0VUUyMgo1VEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBUEtLSG5VcFJ0b0ZXZEE5aFV6TmNaQy8rOXByc0lhZkwwVGplCm94aUpQWENYOGtyWTVzbko2M2IwemFNSEs1Rzh2OEJIYTFDT0V4VXp2c3JZY05oanBET2hZVUhSenNMN1FVUUMKQjVnclhuZmdSZGJrSzhkUkNINTN1UXpBLzZQRXZRbDVrYzMxbjd6Y1Y3eEM4L3lVSWpUaHdHUjUzZ3ZqSHhKSQozbzdRaHVYaTlPUmhnTWxVL3BCNkZ0amMvVzIvODNyaFdEdC9UOFhXSGNiUVRkQm0va0NLNnhubzJ4UnNPbEltClNTMnBsWUk1K2QyVGlGeFdVZmttaWRkSld0MzdGbC9KbURVaWpOUGZuUXAwd0dxRURuNG9nWlFmRFBFSE5IcWwKd000T3BSeHIwbVBhdkRiYnlDL0xKZGN6b1lxYzZLaGxZbURuSENDTk1aSkZMRHl0ZlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeUxNR0dVUld1NmdnMGZmMXBpcWJxanV2RlpRTkJvYk5TbXdYaUg3alJMT3Zka1czCnB2RFJHSWZXWW90ak1QNnJ1N2NXNFlsMEx4MjJwR2h2YkZIVFhRb1BDZlM4TitZbDRKd0xTamJzQUg3aTFtNDUKVU01Zkd6cmVseGpONEdLSzFJUU9HanBaNHJSSlk4cFloUlBMbkVwR1hqclVtMFl2RmJBbHlvOGwxVkFWeVk4egpTOVQvQkpjQm9yMTQwdm02RFc0MUV4THQ3YlFPSUJEYm5lbXVsQzBRZldRM2pZSkVBL2xaUTdBVGdLcm5SM0hoCllLRnd6cWZTY0MrVXI5WWdFaXA4NHM4MFA3RDdrVllwQVc3WmFuT2dnbmIrbmkxSUl5b2NBaExlTkFUWGxPamkKYkRzVEFQbjhJL2pkc2ZqSzJWTzZteThSQXJmeGx1eVdVYy9lT1FJREFRQUJBb0lCQVFDQzErUHorUStxaS9QSgpyNlJnem9wcHN6dDBEKzlsLytBNjBybU03Vnh4WDh2V2lhRXZudlJTejh3K3RxeldObEh6c1d1alloOXkwQ1pRCmpSMkhPdGxYWU1WcE1qcTdIcm8yOHNTUmY3amdvZGgwLzZzeU9UamI0Y2RZTG4yWitlU1VvL3Nsc2tFRGdaSVAKRXM0ZkJFYkwvOGhjaW5JdFFOWlZoMTg3N1pNMnV6VFdwTXpzZHBPamh0bk1NTGRqaEtCK3lBRXQ1bnVIZmYrNQo1K2hzSXN1NC85aWtNNnduYWdMaUMxdEoydHZLYksvdW1JTVRGdmwxcmJ2MXJMVUwycHJkYjhVeDEvV2RocXhPCldnQ2NsYzhxTmN2bnBkTTduVGdhYzc1cG91cXUyVEdkRmVKb1FZUFJWcjFSTTJkaG1PTDA5cWZyZmwxcHdxazEKTmpBYUdYTmhBb0dCQVBXbmorZ01wZFJiSU41RWovTHorV1ZNdUxIWlRVcmJ0T3R0bW85Y05iSFowR0xsSzM5ZwpOMytKd0ExQXdmY2RhUldHbGhqV0F5RmpjcHhCVHo4Wi94dTg0ZXg4bmM4UU9uY0lOSDJWTXdaWWg5aVBiQ08xCksvTTJoL1BtWlBvajg5ZERaQTZQbjAvSURZMGY5OVhvNXVaT2pScU1qcEZxT21xUkJiWjVQZ21WQW9HQkFORW0KeXZEN0V1N3NwaXZodldLcG83QVUwU3VkdHc2RFZueWIwTmVNK1orTCtpUXJZQUs3RU4vTWttV2k5R2Q5MkdOSQpoT3NMUERrc2ZlMi9WTmdPZDF5VUF5MUFXc24zNVA0N2R6Wi9jOUw1V1hPc2hhZXlYdGJpdGs2MXpRdXVXdU5CCjFlOFFKalNqdHpsRlR4TUxORTQ1V2ZlTy9hQ2lDbVhSYUE4U0VZRVZBb0dBWEpoWGZ4RmRaSWtnLzRiNmQ0cU4KQkNrQ0tVK09lZHdNK3Z6cVdJVmFXL3FOT09uSEZwRXUraXp6TGt1dGtUY055Q1pkNTJpcjcyYnI2WWdZbGVGMwpybjNvN3RvZUpkR3BKL3I0eGlsNS9UZGJwVDZTZFhjeDVOQTJPTElzZDdrYmpaV0NYcGEyWnoweUZuTHBXVUViCjM4M1dGQjdORW5Ubkpnb2FEQ2p4UUcwQ2dZQlBjZ3JZYXFhUWR2ZlA1MW1HNXFVMHQxT1UyNzJ6RjVSOGxMdEoKaFZVMGsza2EwQmNTTW5pQWFqYVp3TUpScFczU21MTlVqTm45WmJjWDNmdWViakJNekRSQXRoZEdiSkZoT0xsWgp6Q1AwMlo1dTMvT005YVlzdmNVK05MU0VZV0JJdnJOQ3NjR3hjUmFoL0gvQzNoaXFOZ0xFbEY0bTdDWkM4cjR5CkswelcyUUtCZ1FDV2FhL1Nva3NuSnFCbytDMWhtZVY1a3VqWTA2R0JFRk10VXNIQ1k5YzlIUnEvMXFuMXJCR2wKb1pFbjFIQnJKZUJ5UWk5b0VrNXJWMm9UbWhXYUdOM3JiMDlxZGs3SFRwWEVtSlFJdXkwK2VnaVFnNUNxdENybgpjZlJaWlBCSjNPa0FIN3hoODAvUmJMRXkvUWRHZ2tKVkQ4b2FkWk54TVZjZFRUaklVL1V6amc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=

scp 1x2.2x.2x7.6:/etc/kubernetes/admin.conf /data/pxd/config-dcb

查看文件内容

vi /data/pxd/config-dcb
apiVersion: v1
clusters:

cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJME1ERXpNVEE1TVRJMU5Gb1hEVE0wTURFeU9EQTVNVEkxTkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTC9tCnhxZ093ZG0yMW5ZdVkrT0ZGR2xDZk8rYTdjREJWdzBoVnZnM1dRTkNUZlVEMllicUlmYlhCa2crdVFkSWkzdTUKYUlLWHNxSjZYelc2MzZBYWtiYit3ZFZabVdXeDAxZ3lzbTg0ejRRRTlSZjdoV25GSmN4YTVRZjJjNmlaeFd0RQpEMGdqek1YMm5pMFBUS05oQzI4Y055U21yTGNOczIwcWpkOFYyVml5VE51TklVVjlUMWl0cjc2eUlDdTRtL3UyCm5qL054cUlPT0xjNHM0SWhoVW5vcno3VnR4b1lLRFZQOFlDMUFGNlJYMmMxSVV4MVg2aHg1NXVjVDIyblRtMFcKcG5vS2N5eGtxdUVXUVo5Qjc0bm1NQ2R3c2I1Yy90VTNhRUYzYTZhSmN6MjkvUGRqMlhpQ2lkRlh4MTd6aE1PUwp0ZWRiUXNHVDFKcEhVd1g0aEwwQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZOaENWVHI1bTBXc0tpUUpXQS80a00xVmN2RG5NQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCQnF4TGdiSTg0aVpBQUlhbzZQR0k2UlFUQndoS1lMdnNWSkVuNTc1eWV2ZTlTdmd0OQo2c2lML0Jka2JscWc2c3BMTlZESTg4TVplRG02b01sVTVJa2lXSHpzd2dBeDNYdzY0LzdFNmtKQnlFUUlIdWNWCmJZOWRtMW5GZjV4bWpNVVhwUVl4V1poOWNBTXBUWWkrVnp1cm5lZ2pHK2laNHV2TW5QUTd0THBUQmU1WWxJZzIKYi9oWkZnMmczTUNHbU1LaWRWVEJ1MzM4RXdteDZTRVhMdTVvNlV1MHlMRWhZNVJTam90UWtsTHppclNXd245egovcFl3R3NDZE9sZzM5RFlmbmsvd2RZaEd1L2prdGZtaDRYY1cwZ1dJbEdaNDJFNE5ncWpEQk9VazFmdnhQUER0CnJFaEhNTlUrQVBoanhJdHRvdzVBNm93SFNHdzQrcTdPYWQ4UAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
server: https://1x2.2x.2x7.6:6443
name: kubernetes
contexts:
context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
name: kubernetes-admin
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJWFZxMXZRbm54cEF3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TkRBeE16RXdPVEV5TlRSYUZ3MHlOVEF4TXpBd09URXlOVGRhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXZRMmFoRm1qN3NPY0duUS8KRkNhUmRUMCtTS05qUXpwWHJ6cGdDOFgrQ1hBdXBBTjFlWk13Mm0yTGR3VC9FZmpJeVY4SUNkMHd2a25KUWY0agpEQTNvMW1NR0RnSVBQamV6VzNObHAvR3d0MDdIYmlwaXNWdlY4aDQ5TEEyNXRLYmJuVi9wUU1CTXRlUHV1Y2VICk1sRmFjK1RzL2szNVdCS1gwUGhsUGZIYkJtMEkzZFdBWWU1NTFjVXArTDNYZjBNQ1g5b2RMOW1uSGxmVUR0Q08KM3Q3amdpY3I2ZmttRmJldGFGbE1NMXo3OUxrTlY5MFRhNUxCenZSOHo0OUhIMkdMTHJOT0FDOC9RNGRFeUV1MApiSklqT1VBMFdLaXh3blE2OWlBRlhPSlRSTmV3ZzdHVzVueEU5S1dlS2dCSHlyM1ZMb1kxTjlzYnNFTllCV1ZyCi8yZFowd0lEQVFBQm8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JUWVFsVTYrWnRGckNva0NWZ1ArSkROVlhMdwo1ekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBVHpDNVF3RkR6ekVlRUNsdjJUaDBzRmZ6bllrTmlBOFBzZjJJCktEZGRDRFRQdHVrSU1mZXc4Q3JNV2hqbGo4MTVZTTc5UGlKSEp1YTVxVGRtN3Y3NGJuQ3ZBdDJZT25ubTc1Z2YKL08vTGFRdXdUUVhHTWNwa2xZYUVXS2ExRWVRS2cxVlV5aXAyMDhRNDd3RGlPcHdJWXBIL0l1MGRuTlM2eUZaMApENFhqUTk0ZVdsVVd4RXF2RGJqY0RVOVUvVjBZMzI4S1Rsc3ozbkNTZitsV0hROFRncHRzQU94UVhtd3BuR1YyCjNuVDdsL1VYZEpZVDFMWE8yUXRCdjZuZS8zaEYwVmEzbUcrRjR1Q1pDZHhkckxSL05xK3VSaC9QY04zWkhjY2sKRmR1NG5mbEQ3eFFrTzJGRUU3b0RONFM0bm1ZSVBadmtHVHlMd2p1eTZwVk1iTnk4WFE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdlEyYWhGbWo3c09jR25RL0ZDYVJkVDArU0tOalF6cFhyenBnQzhYK0NYQXVwQU4xCmVaTXcybTJMZHdUL0Vmakl5VjhJQ2Qwd3ZrbkpRZjRqREEzbzFtTUdEZ0lQUGplelczTmxwL0d3dDA3SGJpcGkKc1Z2VjhoNDlMQTI1dEtiYm5WL3BRTUJNdGVQdXVjZUhNbEZhYytUcy9rMzVXQktYMFBobFBmSGJCbTBJM2RXQQpZZTU1MWNVcCtMM1hmME1DWDlvZEw5bW5IbGZVRHRDTzN0N2pnaWNyNmZrbUZiZXRhRmxNTTF6NzlMa05WOTBUCmE1TEJ6dlI4ejQ5SEgyR0xMck5PQUM4L1E0ZEV5RXUwYkpJak9VQTBXS2l4d25RNjlpQUZYT0pUUk5ld2c3R1cKNW54RTlLV2VLZ0JIeXIzVkxvWTFOOXNic0VOWUJXVnIvMmRaMHdJREFRQUJBb0lCQVFDWXlYYTRRYzNYK0NTZgp5SlQyRHhsOVc2cUxmK2lIKzQzRDR2U2ViendZbXA1SEZUaUtzYWRJMEVGblJoVnlpOUtSMUFpbUdDbjlqNXBrCmlDUUE2UGprMHBDaEg0NzhKSDRDaWFkOWJEbjZXMk9YcUErczhPQmVWWXZ3bjRNVytjY0JUL010em52d2dDNTkKM0VCcUxROWlISUJnSWRwREVIdTdlaFF3Vk5kRFA5UGFGTjVTV01XOHFSVHpRdFZyNVpLa05KM3hnZUhBcktQNApFdTZkNnRlazRHQ1JtY0pTUzRucUJRaFE4WDhNQTdwdHlQNFhKanloRUNNdXZKd3dYY3lRWlVQVmxkeHprWHI2Ck55ZVVsQjMwa20zQ3NxUzA4MUE1QjZ6L2kvaXMyRm92Z2NORDkwTjZ0WWlyanQ4TzJiS2xPVUV5emRUZjMyQ2UKVXJlUWdnNkJBb0dCQU1YOFVqU3J1VEFwcUMrdytMakxKb1BEMnNpMnJKc2V4eTkxTkxGNG50eUZqOWIydHlRNApRNFgzUU1DV2trdTVhTkVxUGpvK2dXeU02ODh1ZWYzM1o1Tms5bWxoSVZlOStaNVBlUTBoUFRoU2NvaTV1UkJiCnhRRDJJc091dlBMRmRQUmhLR3d1N2Q1WjN5WWFNaFFUaVN6RlhFTjJ1WjhZZlkvRG9YUGpSUGtUQW9HQkFQUnoKT0tnZi9IblBpYlRZNFBpdVA1b0ZRZXN5WnRCdDFQUnhxODFQVUVGTVJpNmJiSStNN2ljRXdZT09LcmFWeW1IUwpxeksvWUp4NHRkR0RTb3VPcUNZWFJDQUdOdkhHcTBDSmxacWpEZCs4NjVqYUtzeDdwWkdSeWVnV2I1M1pQUFBFCmprbFk4eTh1SzAwWHNPRTNUUmFVRXpoNHFMRkJCRnVQZVpmNlN2UkJBb0dBZkdOOTVuZXBmdmY5SWhHSEF0c24KMUlzOXJ2TU9XTnNxZThlZ2xvdlpDMldpcklVUEpXTndFUC82SDhXNkhuZGJ3bVpPK0ZzREI0YzJORkhYOVZiMgpMU1cycHhpT1VVa2JSbnBaN0lUZ3FMMHNGbmpSSzlUc1hpRkdVRGs5bnkydHdFZzJsRm1idXlJdDBBdVBRUXZSCkdGN2JDOHZRN1lMK2lFOTU1WXg1Ymg4Q2dZQkhEek42RkFwRnNxSGFNMjE2Zk5TNlJpcjZYdVZxVTNNak4rUDAKUThrVm9rR0lqTi9LL3ZHLzMrOE0rZ2ZLbWRLQ0MwWis4d2ozazFOdk94WXhhVi9SNnROLzU2NlRLK2hlVTJCcwoybGRQSWREdTF3UzMrbjJQeW15Q0RmdVdUQzhld1pXSEZ0ZGljSzVmczdKVVZjb1A5UzE5TGY0RHdOMnViQSt4CnNTMld3UUtCZ0h5cEl0MFpOUmxJNUZVVStKV0JTdkxMaHh4QTFMQUNzWVdXcWFIdCsxZ0RKcHowNEVIbmErVkQKZGtQd1N4NUc1UzFiTmhSc3RRS1g5S004YmozVGd1ai84VHY4aVBEbWdIbE9XczR5Lzg4WDgvbWVOWlN0bTErTwp4OXAxN2ZCNjYzaXF2WWdIeFFISFhVa3dOSXBuUGE5MW1kYjRKN0loaFRmd2cxWFYxWEZqCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==

合并cluster，context，user三项到一个文件config-mdc，这三部分的name属性需要改名不重复，查看修改合并后config-mdc的内容

vi /data/pxd/config-mdc
apiVersion: v1
clusters:

cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJME1EVXlOREF6TWpFd01sb1hEVE0wTURVeU1qQXpNakV3TWxvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTnJXClVnakVWS3o0Q2kybUJBbExqVkRZZmtUWStiQXZuNEdla093M3FtL0xtMjk5b2JBdW5sRVN0eGw5a0xuVHExSXIKNCtNRzhtamM0dlZRcU9wZHp2THF3anZnOHR4aGIrSnFpNTQyWUl3bEdEaTR6OTA5dllDVDliTDlBUWczVkxYZgo2cUpwbDhPSFdTMDBFNUNBTkJSc3E1VlNLMlh0c3dFL3p5NkliTTk3Vjd6N1l5cFRXa0FKdk1XTFowOEFwY0ZYCmp6a0piRjNac0gyQWt0VWhXNDBjaC9wTk9oUTREZFM0S2U4YU5PVFMzT3RhT2xvc2U2R2x0ZWxVbkxBL2x2MUUKOFRnT2YybFVoOHpzRDhlWlkya0FkdjIzZU1ieVF0RlBJbVpBMFJkQUthd0dqcGZ6U0xsZVo5ckJxNlY5b0c5ZQpoeGtKWldEdHpMQU5MVytXelMwQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZCUWluZUFxMm1aNStrVE0zY2gzdysxUVRiYmxNQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCM0xrTCtDL2lpaFZIeXpPbUp2cENPTExTVHRDdmE0NDZzWWZVQnZ6OFlJKzVMT1RLSwpjc2xnaWxET1FEUTBFc2ZucUp3M2NtaytNLzhMc2o1VVlBeVp4SVRrbVFIbjdGRGJOdlBuckJrVmF4UGxrRGpiCjg5OGZJS0N6Q2NuN1g3aTFQZVVLMzVSSFZwVU5jSjNka0R3Yk9pUFBYbXJicWw3RU15K0s5eGk5RkY3UjdOTnEKUEVXNkJPQ0JwSEpGZTEwUFRtY1hLa1pkM2JvZHMxQnNHcXpFWG84QmtyYjE0WERqWXN4SUc4UEl3RVM2SlFBKwpuamtlUHpMQS9HblVFZnYvOHMwUDRhN3dPVUYvMkliUVpyZE15YXNxYlczTEFxV3J6V3g1OUVldDlYQmhxbTRwCmdCdlNxdVNwWmFEZGVSc0paeXIwUGpBaTVMZ3hvaG9BV0NORAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
server: https://1x2.2x.2x7.5:6443
name: kubernetes-dca
cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM1ekNDQWMrZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFWTVJNd0VRWURWUVFERXdwcmRXSmwKY201bGRHVnpNQjRYRFRJME1ERXpNVEE1TVRJMU5Gb1hEVE0wTURFeU9EQTVNVEkxTkZvd0ZURVRNQkVHQTFVRQpBeE1LYTNWaVpYSnVaWFJsY3pDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDQVFvQ2dnRUJBTC9tCnhxZ093ZG0yMW5ZdVkrT0ZGR2xDZk8rYTdjREJWdzBoVnZnM1dRTkNUZlVEMllicUlmYlhCa2crdVFkSWkzdTUKYUlLWHNxSjZYelc2MzZBYWtiYit3ZFZabVdXeDAxZ3lzbTg0ejRRRTlSZjdoV25GSmN4YTVRZjJjNmlaeFd0RQpEMGdqek1YMm5pMFBUS05oQzI4Y055U21yTGNOczIwcWpkOFYyVml5VE51TklVVjlUMWl0cjc2eUlDdTRtL3UyCm5qL054cUlPT0xjNHM0SWhoVW5vcno3VnR4b1lLRFZQOFlDMUFGNlJYMmMxSVV4MVg2aHg1NXVjVDIyblRtMFcKcG5vS2N5eGtxdUVXUVo5Qjc0bm1NQ2R3c2I1Yy90VTNhRUYzYTZhSmN6MjkvUGRqMlhpQ2lkRlh4MTd6aE1PUwp0ZWRiUXNHVDFKcEhVd1g0aEwwQ0F3RUFBYU5DTUVBd0RnWURWUjBQQVFIL0JBUURBZ0trTUE4R0ExVWRFd0VCCi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZOaENWVHI1bTBXc0tpUUpXQS80a00xVmN2RG5NQTBHQ1NxR1NJYjMKRFFFQkN3VUFBNElCQVFCQnF4TGdiSTg0aVpBQUlhbzZQR0k2UlFUQndoS1lMdnNWSkVuNTc1eWV2ZTlTdmd0OQo2c2lML0Jka2JscWc2c3BMTlZESTg4TVplRG02b01sVTVJa2lXSHpzd2dBeDNYdzY0LzdFNmtKQnlFUUlIdWNWCmJZOWRtMW5GZjV4bWpNVVhwUVl4V1poOWNBTXBUWWkrVnp1cm5lZ2pHK2laNHV2TW5QUTd0THBUQmU1WWxJZzIKYi9oWkZnMmczTUNHbU1LaWRWVEJ1MzM4RXdteDZTRVhMdTVvNlV1MHlMRWhZNVJTam90UWtsTHppclNXd245egovcFl3R3NDZE9sZzM5RFlmbmsvd2RZaEd1L2prdGZtaDRYY1cwZ1dJbEdaNDJFNE5ncWpEQk9VazFmdnhQUER0CnJFaEhNTlUrQVBoanhJdHRvdzVBNm93SFNHdzQrcTdPYWQ4UAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
server: https://1x2.2x.2x7.6:6443
name: kubernetes-dcb
contexts:
context:
cluster: kubernetes-dca
user: kubernetes-admin-dca
name: adm@kube-dca
context:
cluster: kubernetes-dcb
user: kubernetes-admin-dcb
name: adm@kube-dcb
current-context: adm@kube-dca
kind: Config
preferences: {}
users:
name: kubernetes-admin-dca
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJWXV3WEdDbHF6N3N3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TkRBMU1qUXdNekl4TURKYUZ3MHlOVEExTWpRd016SXhNRFphTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXlMTUdHVVJXdTZnZzBmZjEKcGlxYnFqdXZGWlFOQm9iTlNtd1hpSDdqUkxPdmRrVzNwdkRSR0lmV1lvdGpNUDZydTdjVzRZbDBMeDIycEdodgpiRkhUWFFvUENmUzhOK1lsNEp3TFNqYnNBSDdpMW00NVVNNWZHenJlbHhqTjRHS0sxSVFPR2pwWjRyUkpZOHBZCmhSUExuRXBHWGpyVW0wWXZGYkFseW84bDFWQVZ5WTh6UzlUL0JKY0JvcjE0MHZtNkRXNDFFeEx0N2JRT0lCRGIKbmVtdWxDMFFmV1EzallKRUEvbFpRN0FUZ0tyblIzSGhZS0Z3enFmU2NDK1VyOVlnRWlwODRzODBQN0Q3a1ZZcApBVzdaYW5PZ2duYituaTFJSXlvY0FoTGVOQVRYbE9qaWJEc1RBUG44SS9qZHNmaksyVk82bXk4UkFyZnhsdXlXClVjL2VPUUlEQVFBQm8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JRVUlwM2dLdHBtZWZwRXpOM0lkOFB0VUUyMgo1VEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBUEtLSG5VcFJ0b0ZXZEE5aFV6TmNaQy8rOXByc0lhZkwwVGplCm94aUpQWENYOGtyWTVzbko2M2IwemFNSEs1Rzh2OEJIYTFDT0V4VXp2c3JZY05oanBET2hZVUhSenNMN1FVUUMKQjVnclhuZmdSZGJrSzhkUkNINTN1UXpBLzZQRXZRbDVrYzMxbjd6Y1Y3eEM4L3lVSWpUaHdHUjUzZ3ZqSHhKSQozbzdRaHVYaTlPUmhnTWxVL3BCNkZ0amMvVzIvODNyaFdEdC9UOFhXSGNiUVRkQm0va0NLNnhubzJ4UnNPbEltClNTMnBsWUk1K2QyVGlGeFdVZmttaWRkSld0MzdGbC9KbURVaWpOUGZuUXAwd0dxRURuNG9nWlFmRFBFSE5IcWwKd000T3BSeHIwbVBhdkRiYnlDL0xKZGN6b1lxYzZLaGxZbURuSENDTk1aSkZMRHl0ZlE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBeUxNR0dVUld1NmdnMGZmMXBpcWJxanV2RlpRTkJvYk5TbXdYaUg3alJMT3Zka1czCnB2RFJHSWZXWW90ak1QNnJ1N2NXNFlsMEx4MjJwR2h2YkZIVFhRb1BDZlM4TitZbDRKd0xTamJzQUg3aTFtNDUKVU01Zkd6cmVseGpONEdLSzFJUU9HanBaNHJSSlk4cFloUlBMbkVwR1hqclVtMFl2RmJBbHlvOGwxVkFWeVk4egpTOVQvQkpjQm9yMTQwdm02RFc0MUV4THQ3YlFPSUJEYm5lbXVsQzBRZldRM2pZSkVBL2xaUTdBVGdLcm5SM0hoCllLRnd6cWZTY0MrVXI5WWdFaXA4NHM4MFA3RDdrVllwQVc3WmFuT2dnbmIrbmkxSUl5b2NBaExlTkFUWGxPamkKYkRzVEFQbjhJL2pkc2ZqSzJWTzZteThSQXJmeGx1eVdVYy9lT1FJREFRQUJBb0lCQVFDQzErUHorUStxaS9QSgpyNlJnem9wcHN6dDBEKzlsLytBNjBybU03Vnh4WDh2V2lhRXZudlJTejh3K3RxeldObEh6c1d1alloOXkwQ1pRCmpSMkhPdGxYWU1WcE1qcTdIcm8yOHNTUmY3amdvZGgwLzZzeU9UamI0Y2RZTG4yWitlU1VvL3Nsc2tFRGdaSVAKRXM0ZkJFYkwvOGhjaW5JdFFOWlZoMTg3N1pNMnV6VFdwTXpzZHBPamh0bk1NTGRqaEtCK3lBRXQ1bnVIZmYrNQo1K2hzSXN1NC85aWtNNnduYWdMaUMxdEoydHZLYksvdW1JTVRGdmwxcmJ2MXJMVUwycHJkYjhVeDEvV2RocXhPCldnQ2NsYzhxTmN2bnBkTTduVGdhYzc1cG91cXUyVEdkRmVKb1FZUFJWcjFSTTJkaG1PTDA5cWZyZmwxcHdxazEKTmpBYUdYTmhBb0dCQVBXbmorZ01wZFJiSU41RWovTHorV1ZNdUxIWlRVcmJ0T3R0bW85Y05iSFowR0xsSzM5ZwpOMytKd0ExQXdmY2RhUldHbGhqV0F5RmpjcHhCVHo4Wi94dTg0ZXg4bmM4UU9uY0lOSDJWTXdaWWg5aVBiQ08xCksvTTJoL1BtWlBvajg5ZERaQTZQbjAvSURZMGY5OVhvNXVaT2pScU1qcEZxT21xUkJiWjVQZ21WQW9HQkFORW0KeXZEN0V1N3NwaXZodldLcG83QVUwU3VkdHc2RFZueWIwTmVNK1orTCtpUXJZQUs3RU4vTWttV2k5R2Q5MkdOSQpoT3NMUERrc2ZlMi9WTmdPZDF5VUF5MUFXc24zNVA0N2R6Wi9jOUw1V1hPc2hhZXlYdGJpdGs2MXpRdXVXdU5CCjFlOFFKalNqdHpsRlR4TUxORTQ1V2ZlTy9hQ2lDbVhSYUE4U0VZRVZBb0dBWEpoWGZ4RmRaSWtnLzRiNmQ0cU4KQkNrQ0tVK09lZHdNK3Z6cVdJVmFXL3FOT09uSEZwRXUraXp6TGt1dGtUY055Q1pkNTJpcjcyYnI2WWdZbGVGMwpybjNvN3RvZUpkR3BKL3I0eGlsNS9UZGJwVDZTZFhjeDVOQTJPTElzZDdrYmpaV0NYcGEyWnoweUZuTHBXVUViCjM4M1dGQjdORW5Ubkpnb2FEQ2p4UUcwQ2dZQlBjZ3JZYXFhUWR2ZlA1MW1HNXFVMHQxT1UyNzJ6RjVSOGxMdEoKaFZVMGsza2EwQmNTTW5pQWFqYVp3TUpScFczU21MTlVqTm45WmJjWDNmdWViakJNekRSQXRoZEdiSkZoT0xsWgp6Q1AwMlo1dTMvT005YVlzdmNVK05MU0VZV0JJdnJOQ3NjR3hjUmFoL0gvQzNoaXFOZ0xFbEY0bTdDWkM4cjR5CkswelcyUUtCZ1FDV2FhL1Nva3NuSnFCbytDMWhtZVY1a3VqWTA2R0JFRk10VXNIQ1k5YzlIUnEvMXFuMXJCR2wKb1pFbjFIQnJKZUJ5UWk5b0VrNXJWMm9UbWhXYUdOM3JiMDlxZGs3SFRwWEVtSlFJdXkwK2VnaVFnNUNxdENybgpjZlJaWlBCSjNPa0FIN3hoODAvUmJMRXkvUWRHZ2tKVkQ4b2FkWk54TVZjZFRUaklVL1V6amc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
name: kubernetes-admin-dcb
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURJVENDQWdtZ0F3SUJBZ0lJWFZxMXZRbm54cEF3RFFZSktvWklodmNOQVFFTEJRQXdGVEVUTUJFR0ExVUUKQXhNS2EzVmlaWEp1WlhSbGN6QWVGdzB5TkRBeE16RXdPVEV5TlRSYUZ3MHlOVEF4TXpBd09URXlOVGRhTURReApGekFWQmdOVkJBb1REbk41YzNSbGJUcHRZWE4wWlhKek1Sa3dGd1lEVlFRREV4QnJkV0psY201bGRHVnpMV0ZrCmJXbHVNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXZRMmFoRm1qN3NPY0duUS8KRkNhUmRUMCtTS05qUXpwWHJ6cGdDOFgrQ1hBdXBBTjFlWk13Mm0yTGR3VC9FZmpJeVY4SUNkMHd2a25KUWY0agpEQTNvMW1NR0RnSVBQamV6VzNObHAvR3d0MDdIYmlwaXNWdlY4aDQ5TEEyNXRLYmJuVi9wUU1CTXRlUHV1Y2VICk1sRmFjK1RzL2szNVdCS1gwUGhsUGZIYkJtMEkzZFdBWWU1NTFjVXArTDNYZjBNQ1g5b2RMOW1uSGxmVUR0Q08KM3Q3amdpY3I2ZmttRmJldGFGbE1NMXo3OUxrTlY5MFRhNUxCenZSOHo0OUhIMkdMTHJOT0FDOC9RNGRFeUV1MApiSklqT1VBMFdLaXh3blE2OWlBRlhPSlRSTmV3ZzdHVzVueEU5S1dlS2dCSHlyM1ZMb1kxTjlzYnNFTllCV1ZyCi8yZFowd0lEQVFBQm8xWXdWREFPQmdOVkhROEJBZjhFQkFNQ0JhQXdFd1lEVlIwbEJBd3dDZ1lJS3dZQkJRVUgKQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JUWVFsVTYrWnRGckNva0NWZ1ArSkROVlhMdwo1ekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBVHpDNVF3RkR6ekVlRUNsdjJUaDBzRmZ6bllrTmlBOFBzZjJJCktEZGRDRFRQdHVrSU1mZXc4Q3JNV2hqbGo4MTVZTTc5UGlKSEp1YTVxVGRtN3Y3NGJuQ3ZBdDJZT25ubTc1Z2YKL08vTGFRdXdUUVhHTWNwa2xZYUVXS2ExRWVRS2cxVlV5aXAyMDhRNDd3RGlPcHdJWXBIL0l1MGRuTlM2eUZaMApENFhqUTk0ZVdsVVd4RXF2RGJqY0RVOVUvVjBZMzI4S1Rsc3ozbkNTZitsV0hROFRncHRzQU94UVhtd3BuR1YyCjNuVDdsL1VYZEpZVDFMWE8yUXRCdjZuZS8zaEYwVmEzbUcrRjR1Q1pDZHhkckxSL05xK3VSaC9QY04zWkhjY2sKRmR1NG5mbEQ3eFFrTzJGRUU3b0RONFM0bm1ZSVBadmtHVHlMd2p1eTZwVk1iTnk4WFE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBdlEyYWhGbWo3c09jR25RL0ZDYVJkVDArU0tOalF6cFhyenBnQzhYK0NYQXVwQU4xCmVaTXcybTJMZHdUL0Vmakl5VjhJQ2Qwd3ZrbkpRZjRqREEzbzFtTUdEZ0lQUGplelczTmxwL0d3dDA3SGJpcGkKc1Z2VjhoNDlMQTI1dEtiYm5WL3BRTUJNdGVQdXVjZUhNbEZhYytUcy9rMzVXQktYMFBobFBmSGJCbTBJM2RXQQpZZTU1MWNVcCtMM1hmME1DWDlvZEw5bW5IbGZVRHRDTzN0N2pnaWNyNmZrbUZiZXRhRmxNTTF6NzlMa05WOTBUCmE1TEJ6dlI4ejQ5SEgyR0xMck5PQUM4L1E0ZEV5RXUwYkpJak9VQTBXS2l4d25RNjlpQUZYT0pUUk5ld2c3R1cKNW54RTlLV2VLZ0JIeXIzVkxvWTFOOXNic0VOWUJXVnIvMmRaMHdJREFRQUJBb0lCQVFDWXlYYTRRYzNYK0NTZgp5SlQyRHhsOVc2cUxmK2lIKzQzRDR2U2ViendZbXA1SEZUaUtzYWRJMEVGblJoVnlpOUtSMUFpbUdDbjlqNXBrCmlDUUE2UGprMHBDaEg0NzhKSDRDaWFkOWJEbjZXMk9YcUErczhPQmVWWXZ3bjRNVytjY0JUL010em52d2dDNTkKM0VCcUxROWlISUJnSWRwREVIdTdlaFF3Vk5kRFA5UGFGTjVTV01XOHFSVHpRdFZyNVpLa05KM3hnZUhBcktQNApFdTZkNnRlazRHQ1JtY0pTUzRucUJRaFE4WDhNQTdwdHlQNFhKanloRUNNdXZKd3dYY3lRWlVQVmxkeHprWHI2Ck55ZVVsQjMwa20zQ3NxUzA4MUE1QjZ6L2kvaXMyRm92Z2NORDkwTjZ0WWlyanQ4TzJiS2xPVUV5emRUZjMyQ2UKVXJlUWdnNkJBb0dCQU1YOFVqU3J1VEFwcUMrdytMakxKb1BEMnNpMnJKc2V4eTkxTkxGNG50eUZqOWIydHlRNApRNFgzUU1DV2trdTVhTkVxUGpvK2dXeU02ODh1ZWYzM1o1Tms5bWxoSVZlOStaNVBlUTBoUFRoU2NvaTV1UkJiCnhRRDJJc091dlBMRmRQUmhLR3d1N2Q1WjN5WWFNaFFUaVN6RlhFTjJ1WjhZZlkvRG9YUGpSUGtUQW9HQkFQUnoKT0tnZi9IblBpYlRZNFBpdVA1b0ZRZXN5WnRCdDFQUnhxODFQVUVGTVJpNmJiSStNN2ljRXdZT09LcmFWeW1IUwpxeksvWUp4NHRkR0RTb3VPcUNZWFJDQUdOdkhHcTBDSmxacWpEZCs4NjVqYUtzeDdwWkdSeWVnV2I1M1pQUFBFCmprbFk4eTh1SzAwWHNPRTNUUmFVRXpoNHFMRkJCRnVQZVpmNlN2UkJBb0dBZkdOOTVuZXBmdmY5SWhHSEF0c24KMUlzOXJ2TU9XTnNxZThlZ2xvdlpDMldpcklVUEpXTndFUC82SDhXNkhuZGJ3bVpPK0ZzREI0YzJORkhYOVZiMgpMU1cycHhpT1VVa2JSbnBaN0lUZ3FMMHNGbmpSSzlUc1hpRkdVRGs5bnkydHdFZzJsRm1idXlJdDBBdVBRUXZSCkdGN2JDOHZRN1lMK2lFOTU1WXg1Ymg4Q2dZQkhEek42RkFwRnNxSGFNMjE2Zk5TNlJpcjZYdVZxVTNNak4rUDAKUThrVm9rR0lqTi9LL3ZHLzMrOE0rZ2ZLbWRLQ0MwWis4d2ozazFOdk94WXhhVi9SNnROLzU2NlRLK2hlVTJCcwoybGRQSWREdTF3UzMrbjJQeW15Q0RmdVdUQzhld1pXSEZ0ZGljSzVmczdKVVZjb1A5UzE5TGY0RHdOMnViQSt4CnNTMld3UUtCZ0h5cEl0MFpOUmxJNUZVVStKV0JTdkxMaHh4QTFMQUNzWVdXcWFIdCsxZ0RKcHowNEVIbmErVkQKZGtQd1N4NUc1UzFiTmhSc3RRS1g5S004YmozVGd1ai84VHY4aVBEbWdIbE9XczR5Lzg4WDgvbWVOWlN0bTErTwp4OXAxN2ZCNjYzaXF2WWdIeFFISFhVa3dOSXBuUGE5MW1kYjRKN0loaFRmd2cxWFYxWEZqCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
配置容器网络

在安装容器网络前，Kubernetes 集群无法正常工作。容器网络的解决方案有多个选项，本方案使用基本 calico 网络的安装方式。

vi calico_v3.15.1.yaml

Source: calico/templates/calico-config.yaml

This ConfigMap is used to configure a self-hosted Calico installation.

kind: ConfigMap
apiVersion: v1
metadata:
name: calico-config
namespace: kube-system
data:

Typha is disabled.

typha_service_name: “none”

Configure the backend to use.

calico_backend: “bird”

Configure the MTU to use

veth_mtu: “1440”

The CNI network configuration to install on each node. The special

values in this config will be automatically populated.

cni_network_config: |-
{
“name”: “k8s-pod-network”,
“cniVersion”: “0.3.1”,
“plugins”: [
{
“type”: “calico”,
“log_level”: “info”,
“datastore_type”: “kubernetes”,
“nodename”: “KUBERNETES_NODE_NAME”,
“mtu”: CNI_MTU,
“ipam”: {
“type”: “calico-ipam”
},
“policy”: {
“type”: “k8s”
},
“kubernetes”: {
“kubeconfig”: “KUBECONFIG_FILEPATH”
}
},
{
“type”: “portmap”,
“snat”: true,
“capabilities”: {“portMappings”: true}
}
]
}

Source: calico/templates/kdd-crds.yaml

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: felixconfigurations.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: FelixConfiguration
plural: felixconfigurations
singular: felixconfiguration

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ipamblocks.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: IPAMBlock
plural: ipamblocks
singular: ipamblock

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: blockaffinities.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: BlockAffinity
plural: blockaffinities
singular: blockaffinity

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ipamhandles.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: IPAMHandle
plural: ipamhandles
singular: ipamhandle

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ipamconfigs.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: IPAMConfig
plural: ipamconfigs
singular: ipamconfig

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: bgppeers.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: BGPPeer
plural: bgppeers
singular: bgppeer

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: bgpconfigurations.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: BGPConfiguration
plural: bgpconfigurations
singular: bgpconfiguration

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ippools.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: IPPool
plural: ippools
singular: ippool

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: hostendpoints.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: HostEndpoint
plural: hostendpoints
singular: hostendpoint

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: clusterinformations.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: ClusterInformation
plural: clusterinformations
singular: clusterinformation

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: globalnetworkpolicies.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: GlobalNetworkPolicy
plural: globalnetworkpolicies
singular: globalnetworkpolicy

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: globalnetworksets.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: GlobalNetworkSet
plural: globalnetworksets
singular: globalnetworkset

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: networkpolicies.crd.projectcalico.org
spec:
scope: Namespaced
group: crd.projectcalico.org
version: v1
names:
kind: NetworkPolicy
plural: networkpolicies
singular: networkpolicy

apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: networksets.crd.projectcalico.org
spec:
scope: Namespaced
group: crd.projectcalico.org
version: v1
names:
kind: NetworkSet
plural: networksets
singular: networkset

apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (devel)
name: kubecontrollersconfigurations.crd.projectcalico.org
spec:
group: crd.projectcalico.org
names:
kind: KubeControllersConfiguration
listKind: KubeControllersConfigurationList
plural: kubecontrollersconfigurations
singular: kubecontrollersconfiguration
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: ‘APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources’
type: string
kind:
description: ‘Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds’
type: string
metadata:
type: object
spec:
description: KubeControllersConfigurationSpec contains the values of the
Kubernetes controllers configuration.
properties:
controllers:
description: Controllers enables and configures individual Kubernetes
controllers
properties:
namespace:
description: Namespace enables and configures the namespace controller.
Enabled by default, set to nil to disable.
properties:
reconcilerPeriod:
description: ‘ReconcilerPeriod is the period to perform reconciliation
with the Calico datastore. [Default: 5m]’
type: string
type: object
node:
description: Node enables and configures the node controller.
Enabled by default, set to nil to disable.
properties:
hostEndpoint:
description: HostEndpoint controls syncing nodes to host endpoints.
Disabled by default, set to nil to disable.
properties:
autoCreate:
description: ‘AutoCreate enables automatic creation of
host endpoints for every node. [Default: Disabled]’
type: string
type: object
reconcilerPeriod:
description: ‘ReconcilerPeriod is the period to perform reconciliation
with the Calico datastore. [Default: 5m]’
type: string
syncLabels:
description: ‘SyncLabels controls whether to copy Kubernetes
node labels to Calico nodes. [Default: Enabled]’
type: string
type: object
policy:
description: Policy enables and configures the policy controller.
Enabled by default, set to nil to disable.
properties:
reconcilerPeriod:
description: ‘ReconcilerPeriod is the period to perform reconciliation
with the Calico datastore. [Default: 5m]’
type: string
type: object
serviceAccount:
description: ServiceAccount enables and configures the service
account controller. Enabled by default, set to nil to disable.
properties:
reconcilerPeriod:
description: ‘ReconcilerPeriod is the period to perform reconciliation
with the Calico datastore. [Default: 5m]’
type: string
type: object
workloadEndpoint:
description: WorkloadEndpoint enables and configures the workload
endpoint controller. Enabled by default, set to nil to disable.
properties:
reconcilerPeriod:
description: ‘ReconcilerPeriod is the period to perform reconciliation
with the Calico datastore. [Default: 5m]’
type: string
type: object
type: object
etcdV3CompactionPeriod:
description: ‘EtcdV3CompactionPeriod is the period between etcdv3
compaction requests. Set to 0 to disable. [Default: 10m]’
type: string
healthChecks:
description: ‘HealthChecks enables or disables support for health
checks [Default: Enabled]’
type: string
logSeverityScreen:
description: ‘LogSeverityScreen is the log severity above which logs
are sent to the stdout. [Default: Info]’
type: string
required:
- controllers
type: object
status:
description: KubeControllersConfigurationStatus represents the status
of the configuration. It’s useful for admins to be able to see the actual
config that was applied, which can be modified by environment variables
on the kube-controllers process.
properties:
environmentVars:
additionalProperties:
type: string
description: EnvironmentVars contains the environment variables on
the kube-controllers that influenced the RunningConfig.
type: object
runningConfig:
description: RunningConfig contains the effective config that is running
in the kube-controllers pod, after merging the API resource with
any environment variables.
properties:
controllers:
description: Controllers enables and configures individual Kubernetes
controllers
properties:
namespace:
description: Namespace enables and configures the namespace
controller. Enabled by default, set to nil to disable.
properties:
reconcilerPeriod:
description: ‘ReconcilerPeriod is the period to perform
reconciliation with the Calico datastore. [Default:
5m]’
type: string
type: object
node:
description: Node enables and configures the node controller.
Enabled by default, set to nil to disable.
properties:
hostEndpoint:
description: HostEndpoint controls syncing nodes to host
endpoints. Disabled by default, set to nil to disable.
properties:
autoCreate:
description: ‘AutoCreate enables automatic creation
of host endpoints for every node. [Default: Disabled]’
type: string
type: object
reconcilerPeriod:
description: ‘ReconcilerPeriod is the period to perform
reconciliation with the Calico datastore. [Default:
5m]’
type: string
syncLabels:
description: ‘SyncLabels controls whether to copy Kubernetes
node labels to Calico nodes. [Default: Enabled]’
type: string
type: object
policy:
description: Policy enables and configures the policy controller.
Enabled by default, set to nil to disable.
properties:
reconcilerPeriod:
description: ‘ReconcilerPeriod is the period to perform
reconciliation with the Calico datastore. [Default:
5m]’
type: string
type: object
serviceAccount:
description: ServiceAccount enables and configures the service
account controller. Enabled by default, set to nil to disable.
properties:
reconcilerPeriod:
description: ‘ReconcilerPeriod is the period to perform
reconciliation with the Calico datastore. [Default:
5m]’
type: string
type: object
workloadEndpoint:
description: WorkloadEndpoint enables and configures the workload
endpoint controller. Enabled by default, set to nil to disable.
properties:
reconcilerPeriod:
description: ‘ReconcilerPeriod is the period to perform
reconciliation with the Calico datastore. [Default:
5m]’
type: string
type: object
type: object
etcdV3CompactionPeriod:
description: ‘EtcdV3CompactionPeriod is the period between etcdv3
compaction requests. Set to 0 to disable. [Default: 10m]’
type: string
healthChecks:
description: ‘HealthChecks enables or disables support for health
checks [Default: Enabled]’
type: string
logSeverityScreen:
description: ‘LogSeverityScreen is the log severity above which
logs are sent to the stdout. [Default: Info]’
type: string
required:
- controllers
type: object
type: object
type: object
served: true
storage: true

Source: calico/templates/rbac.yaml

Include a clusterrole for the kube-controllers component,

and bind it to the calico-kube-controllers serviceaccount.

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: calico-kube-controllers
rules:

Nodes are watched to monitor for deletions.

apiGroups: [“”]
resources:
- nodes
  verbs:
- watch
- list
- get

Pods are queried to check for existence.

apiGroups: [“”]
resources:
- pods
  verbs:
- get

IPAM resources are manipulated when nodes are deleted.

apiGroups: [“crd.projectcalico.org”]
resources:
- ippools
  verbs:
- list
apiGroups: [“crd.projectcalico.org”]
resources:
- blockaffinities
- ipamblocks
- ipamhandles
- hostendpoints
  verbs:
- get
- list
- create
- update
- delete

Needs access to update clusterinformations.

apiGroups: [“crd.projectcalico.org”]
resources:
- clusterinformations
- kubecontrollersconfigurations
  verbs:
- get
- create
- update

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: calico-kube-controllers
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: calico-kube-controllers
subjects:

kind: ServiceAccount
name: calico-kube-controllers
namespace: kube-system

Include a clusterrole for the calico-node DaemonSet,

and bind it to the calico-node serviceaccount.

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: calico-node
rules:

The CNI plugin needs to get pods, nodes, and namespaces.

apiGroups: [“”]
resources:
- pods
- nodes
- namespaces
- configmaps
  verbs:
- get
apiGroups: [“”]
resources:
- endpoints
- services
  verbs:
Used to discover service IPs for advertisement.
- watch
- list
Used to discover Typhas.
- get
apiGroups: [“”]
resources:
- nodes/status
  verbs:
Needed for clearing NodeNetworkUnavailable flag.
- patch
Calico stores some configuration information in node annotations.
- update

Watch for changes to Kubernetes NetworkPolicies.

apiGroups: [“networking.k8s.io”]
resources:
- networkpolicies
  verbs:
- watch
- list

Used by Calico for policy information.

apiGroups: [“”]
resources:
- pods
- namespaces
- serviceaccounts
  verbs:
- list
- watch

The CNI plugin patches pods/status.

apiGroups: [“”]
resources:
- pods/status
  verbs:
- patch

Calico monitors various CRDs for config.

apiGroups: [“crd.projectcalico.org”]
resources:
- globalfelixconfigs
- felixconfigurations
- bgppeers
- globalbgpconfigs
- bgpconfigurations
- ippools
- ipamblocks
- globalnetworkpolicies
- globalnetworksets
- networkpolicies
- networksets
- clusterinformations
- hostendpoints
  verbs:
- get
- list
- watch

Calico must create and update some CRDs on startup.

apiGroups: [“crd.projectcalico.org”]
resources:
- ippools
- felixconfigurations
- clusterinformations
  verbs:
- create
- update

Calico stores some configuration information on the node.

apiGroups: [“”]
resources:
- nodes
  verbs:
- get
- list
- watch

These permissions are only requried for upgrade from v2.6, and can

be removed after upgrade or on fresh installations.

apiGroups: [“crd.projectcalico.org”]
resources:
- bgpconfigurations
- bgppeers
  verbs:
- create
- update

These permissions are required for Calico CNI to perform IPAM allocations.

apiGroups: [“crd.projectcalico.org”]
resources:
- blockaffinities
- ipamblocks
- ipamhandles
  verbs:
- get
- list
- create
- update
- delete
apiGroups: [“crd.projectcalico.org”]
resources:
- ipamconfigs
  verbs:
- get

Block affinities must also be watchable by confd for route aggregation.

apiGroups: [“crd.projectcalico.org”]
resources:
- blockaffinities
  verbs:
- watch

The Calico IPAM migration needs to get daemonsets. These permissions can be

removed if not upgrading from an installation using host-local IPAM.

apiGroups: [“apps”]
resources:
- daemonsets
  verbs:
- get

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: calico-node
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: calico-node
subjects:

kind: ServiceAccount
name: calico-node
namespace: kube-system

Source: calico/templates/calico-node.yaml

This manifest installs the calico-node container, as well

as the CNI plugins and network config on

each master and worker node in a Kubernetes cluster.

kind: DaemonSet
apiVersion: apps/v1
metadata:
name: calico-node
namespace: kube-system
labels:
k8s-app: calico-node
spec:
selector:
matchLabels:
k8s-app: calico-node
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
template:
metadata:
labels:
k8s-app: calico-node
annotations:
# This, along with the CriticalAddonsOnly toleration below,
# marks the pod as a critical add-on, ensuring it gets
# priority scheduling and that its resources are reserved
# if it ever gets evicted.
scheduler.alpha.kubernetes.io/critical-pod: ‘’
spec:
nodeSelector:
beta.kubernetes.io/os: linux
hostNetwork: true
tolerations:
# Make sure calico-node gets scheduled on all nodes.
- effect: NoSchedule
operator: Exists
# Mark the pod as a critical add-on for rescheduling.
- key: CriticalAddonsOnly
operator: Exists
- effect: NoExecute
operator: Exists
serviceAccountName: calico-node
# Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a “force
# deletion”: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
terminationGracePeriodSeconds: 0
priorityClassName: system-node-critical
initContainers:
# This container performs upgrade from host-local IPAM to calico-ipam.
# It can be deleted if this is a fresh installation, or if you have already
# upgraded to use calico-ipam.
- name: upgrade-ipam
image: registry:5000/calico/cni:v3.15.1
command: [“/opt/cni/bin/calico-ipam”, “-upgrade”]
env:
- name: KUBERNETES_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: CALICO_NETWORKING_BACKEND
valueFrom:
configMapKeyRef:
name: calico-config
key: calico_backend
volumeMounts:
- mountPath: /var/lib/cni/networks
name: host-local-net-dir
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
securityContext:
privileged: true
# This container installs the CNI binaries
# and CNI network config file on each node.
- name: install-cni
image: registry:5000/calico/cni:v3.15.1
command: [“/install-cni.sh”]
env:
# Name of the CNI config file to create.
- name: CNI_CONF_NAME
value: “10-calico.conflist”
# The CNI network config to install on each node.
- name: CNI_NETWORK_CONFIG
valueFrom:
configMapKeyRef:
name: calico-config
key: cni_network_config
# Set the hostname based on the k8s node name.
- name: KUBERNETES_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
# CNI MTU Config variable
- name: CNI_MTU
valueFrom:
configMapKeyRef:
name: calico-config
key: veth_mtu
# Prevents the container from sleeping forever.
- name: SLEEP
value: “false”
volumeMounts:
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
- mountPath: /host/etc/cni/net.d
name: cni-net-dir
securityContext:
privileged: true
# Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes
# to communicate with Felix over the Policy Sync API.
- name: flexvol-driver
image: registry:5000/calico/pod2daemon-flexvol:v3.15.1
volumeMounts:
- name: flexvol-driver-host
mountPath: /host/driver
securityContext:
privileged: true
containers:
# Runs calico-node container on each Kubernetes node. This
# container programs network policy and routes on each
# host.
- name: calico-node
image: registry:5000/calico/node:v3.15.1
env:
# Use Kubernetes API as the backing datastore.
- name: DATASTORE_TYPE
value: “kubernetes”
# Wait for the datastore.
- name: WAIT_FOR_DATASTORE
value: “true”
# Set based on the k8s node name.
- name: NODENAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
# Choose the backend to use.
- name: CALICO_NETWORKING_BACKEND
valueFrom:
configMapKeyRef:
name: calico-config
key: calico_backend
# Cluster type to identify the deployment type
- name: CLUSTER_TYPE
value: “k8s,bgp”
# Auto-detect the BGP IP address.
- name: IP
value: “autodetect”
# Enable IPIP
- name: CALICO_IPV4POOL_IPIP
value: “Always”
# Set MTU for tunnel device used if ipip is enabled
- name: FELIX_IPINIPMTU
valueFrom:
configMapKeyRef:
name: calico-config
key: veth_mtu
# The default IPv4 pool to create on startup if none exists. Pod IPs will be
# chosen from this range. Changing this value after installation will have
# no effect. This should fall within `--cluster-cidr`.
- name: CALICO_IPV4POOL_CIDR
value: “192.168.0.0/16”
# Disable file logging so `kubectl logs` works.
- name: CALICO_DISABLE_FILE_LOGGING
value: “true”
# Set Felix endpoint to host default action to ACCEPT.
- name: FELIX_DEFAULTENDPOINTTOHOSTACTION
value: “ACCEPT”
# Disable IPv6 on Kubernetes.
- name: FELIX_IPV6SUPPORT
value: “false”
# Set Felix logging to “info”
- name: FELIX_LOGSEVERITYSCREEN
value: “info”
- name: FELIX_HEALTHENABLED
value: “true”
securityContext:
privileged: true
resources:
requests:
cpu: 250m
livenessProbe:
exec:
command:
- /bin/calico-node
- -felix-live
- -bird-live
periodSeconds: 10
initialDelaySeconds: 10
failureThreshold: 6
readinessProbe:
exec:
command:
- /bin/calico-node
- -bird-ready
- -felix-ready
periodSeconds: 10
volumeMounts:
- mountPath: /lib/modules
name: lib-modules
readOnly: true
- mountPath: /run/xtables.lock
name: xtables-lock
readOnly: false
- mountPath: /var/run/calico
name: var-run-calico
readOnly: false
- mountPath: /var/lib/calico
name: var-lib-calico
readOnly: false
- name: policysync
mountPath: /var/run/nodeagent
volumes:
# Used by calico-node.
- name: lib-modules
hostPath:
path: /lib/modules
- name: var-run-calico
hostPath:
path: /var/run/calico
- name: var-lib-calico
hostPath:
path: /var/lib/calico
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
# Used to install CNI.
- name: cni-bin-dir
hostPath:
path: /opt/cni/bin
- name: cni-net-dir
hostPath:
path: /etc/cni/net.d
# Mount in the directory for host-local IPAM allocations. This is
# used when upgrading from host-local to calico-ipam, and can be removed
# if not using the upgrade-ipam init container.
- name: host-local-net-dir
hostPath:
path: /var/lib/cni/networks
# Used to create per-pod Unix Domain Sockets
- name: policysync
hostPath:
type: DirectoryOrCreate
path: /var/run/nodeagent
# Used to install Flex Volume Driver
- name: flexvol-driver-host
hostPath:
type: DirectoryOrCreate
path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds

apiVersion: v1
kind: ServiceAccount
metadata:
name: calico-node
namespace: kube-system

Source: calico/templates/calico-kube-controllers.yaml

See https://github.com/projectcalico/kube-controllers

apiVersion: apps/v1
kind: Deployment
metadata:
name: calico-kube-controllers
namespace: kube-system
labels:
k8s-app: calico-kube-controllers
spec:

The controllers can only have a single active instance.

replicas: 1
selector:
matchLabels:
k8s-app: calico-kube-controllers
strategy:
type: Recreate
template:
metadata:
name: calico-kube-controllers
namespace: kube-system
labels:
k8s-app: calico-kube-controllers
annotations:
scheduler.alpha.kubernetes.io/critical-pod: ‘’
spec:
nodeSelector:
beta.kubernetes.io/os: linux
tolerations:
# Mark the pod as a critical add-on for rescheduling.
- key: CriticalAddonsOnly
operator: Exists
- key: node-role.kubernetes.io/master
effect: NoSchedule
serviceAccountName: calico-kube-controllers
priorityClassName: system-cluster-critical
containers:
- name: calico-kube-controllers
image: registry:5000/calico/kube-controllers:v3.15.1
env:
# Choose which controllers to run.
- name: ENABLED_CONTROLLERS
value: node
- name: DATASTORE_TYPE
value: kubernetes
readinessProbe:
exec:
command:
- /usr/bin/check-status
- -r

apiVersion: v1
kind: ServiceAccount
metadata:
name: calico-kube-controllers
namespace: kube-system

Source: calico/templates/calico-etcd-secrets.yaml

Source: calico/templates/calico-typha.yaml

Source: calico/templates/configure-canal.yaml

配置数据中心A的k8s集群的calico网络

设置kubectl 控制的集群切换到adm@kube-dca的上下文，即控制1x2.2x.2x7.5为主节点的集群

kubectl config --kubeconfig=/data/pxd/config-mdc use-context adm@kube-dca

切换后，查看当前集群的节点是否是想设置的集群

kubectl get nodes -o wide

kubectl apply -f calico_v3.15.1.yaml

检查 calico 容器是否创建：

kubectl -n kube-system get pods -o wide

耐心等待容器进入 Running 状态后，检查所有 Kubernetes 节点是否处于 “Ready”：

kubectl get nodes -o wide
配置数据中心B的k8s集群的calico网络

设置kubectl 控制的集群切换到adm@kube-dcb的上下文，即控制1x2.2x.2x7.6为主节点的集群

kubectl config use-context adm@kube-dcb

切换后，查看当前集群的节点是否是想设置的集群

kubectl get nodes -o wide

重复上诉设置A集群时的步骤完成B集群的calico网络配置
基于k8s部署PolarDB-X

先部署A集群
安装前置工具和启动PolarDB-X集群相关的容器

切换到控制A集群

kubectl config use-context adm@kube-dca

kubectl get nodes -o wide

cd /data/pxd/polardbx-install
sh install.sh

检查容器启动是否成功：

kubectl get pods -n polardbx-operator-system
部署PolarDB-X

查看配置文件模版

kubectl get pxpt -A
返回：
NAMESPACE NAME AGE
polardbx-operator-system product-57 80m
polardbx-operator-system product-80 80m
polardbx-operator-system product-8032 80m
上面列出用于配置PolarDB-X的模版，在后续部署集群的拓扑文件里面需要指定该模版，polardb-x 2.4版使用product-8032。

编辑集群拓扑配置文件：
vi polarx_lite.yaml
apiVersion: polardbx.aliyun.com/v1
kind: PolarDBXCluster
metadata:
name: pxc-product
spec:

PolarDB-X 初始账号密码

privileges:

username: admin
password: “123456”
type: SUPER

配置模板，采用生产配置

parameterTemplate:
name: product-8032

PolarDB-X 集群配置

config:
# CN 相关配置
cn:
# 静态配置
static:
# 使用新 RPC 协议
RPCProtocolVersion: 2

PolarDB-X 集群拓扑

topology:
# 集群部署规则

rules:

# 预定义节点选择器

selectors:

- name: node-cn

nodeSelector:

nodeSelectorTerms:

- matchExpressions:

- key: polardbx/node

operator: In

values:

- cn

- name: node-dn

nodeSelector:

nodeSelectorTerms:

- matchExpressions:

- key: polardbx/node

operator: In

values:

- dn

components:

# DN 部署规则

dn:

nodeSets:

- name: cands

role: Candidate

replicas: 2

selector:

reference: node-dn

- name: log

role: Voter

replicas: 1

selector:

reference: node-dn

# CN 部署规则

cn:

- name: cn

selector:

reference: node-cn

nodes:# GMS 规格配置gms:template:# 存储节点镜像image: registry:5000/polardbx-engine:v2.4.0_8.4.19# 使用宿主机网络hostNetwork: true# gms 的资源规格resources:requests:cpu: 1memory: 8Gilimits:cpu: 2memory: 8Gi# DN 规格配置dn:# DN 数量配置replicas: 3template:image: registry:5000/polardbx-engine:v2.4.0_8.4.19# 使用宿主机网络hostNetwork: true# dn 的资源规格resources:requests:cpu: 1memory: 32Gilimits:cpu: 4memory: 32Gi# CN 规格配置cn:# CN 数量配置replicas: 2template:image: registry:5000/polardbx-sql:v2.4.0_5.4.19# 使用宿主机网络hostNetwork: trueresources:requests:cpu: 2memory: 16Gilimits:cpu: 4memory: 16Gicdc:# CDC 数量配置replicas: 2template:image: registry:5000/polardbx-cdc:v2.4.0_5.4.19# 使用宿主机网络hostNetwork: trueresources:requests:cpu: 1memory: 8Gilimits:cpu: 2memory: 8Gi

执行如下命令将 product-8032 参数模板拷贝到 default 命名空间
kubectl get pxpt product-8032 -n polardbx-operator-system -o json | jq ‘.metadata.namespace = “default”’ | kubectl apply -f -
运行以下命令在 Kubernetes 集群部署 PolarDB-X 数据库：

kubectl create -f polarx_lite.yaml

检查容器 Pod 状态，直到所有容器显示 “Running”：

kubectl get pods

用以下命令确认 PolarDB-X 数据库状态：

kubectl get pxc pxc-product

调整容器分布

vi rebalance.yaml
apiVersion: polardbx.aliyun.com/v1
kind: SystemTask
metadata:
name: rbsystemtask
spec:
taskType: “BalanceResource”

创建 Rebalance 任务：

kubectl apply -f rebalance.yaml

观察任务状态：

kubectl get SystemTask -w

当任务状态显示 Success, 代表自动调整任务已完成。

观察pod是否分布均匀

kubectl get pods -o wide
切换访问方式

在 Kubernetes 集群内，PolarDB-X 数据库通常使用 Cluster-IP 方式提供服务。但是在 Kubernetes 集群外部的服务器无法访问 Cluster-IP，这时需要调整 PolarDB-X 配置，使用 NodePort 方式提供服务。运行以下命令：

kubectl edit svc pxc-product

进入 Yaml 编辑模式，修改子项 spec: type: ClusterIP 内容为 NodePort，保存退出编辑

kubectl get svc pxc-product
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
pxc-product NodePort 10.109.12.187 3306:32402/TCP,8081:30698/TCP 43h
mysql -h 1x2.2x.2x7.11 -P32402 -u admin -p123456 -Ac

kubectl edit pxc pxc-product
进入 Yaml 编辑模式，修改子项 serviceType: ClusterIP 内容为 NodePort，保存退出编辑，保证元数据记录的服务模式和服务一致。

再部署B级群，切换到控制B集群

kubectl config use-context adm@kube-dcb

kubectl get nodes -o wide

重复上述的部署步骤完成B集群部署
参数调优
set ENABLE_SET_GLOBAL = true;
set global RECORD_SQL=false;
set global MPP_METRIC_LEVEL=0;
set global ENABLE_CPU_PROFILE=false;
set global ENABLE_BACKGROUND_STATISTIC_COLLECTION=false;
set global ENABLE_STATISTIC_FEEDBACK=false;
set global ENABLE_DEADLOCK_DETECTION=false;
set global ENABLE_TRANS_LOG=false;
set global GROUP_PARALLELISM=1;
set global CONN_POOL_MAX_POOL_SIZE=3000;
set global ENABLE_STATEMENTS_SUMMARY=false;
set global ENABLE_AUTO_SAVEPOINT=false;
set global INNODB_ADAPTIVE_HASH_INDEX=off;
set global TABLE_OPEN_CACHE = 60000;
set global SHARE_READ_VIEW = false;
set global CONN_POOL_XPROTO_XPLAN = true;
set global NEW_SEQ_GROUPING_TIMEOUT=30000;
set global XPROTO_MAX_DN_WAIT_CONNECTION=3072000;
set global XPROTO_MAX_DN_CONCURRENT=3072000;
查看管理员帐号

eval pxc=pxc-product;eval user=$(kubectl get secret $pxc -o jsonpath={.data} | jq ‘keys[0]’); echo “User: $user”; kubectl get secret $KaTeX parse error: Expected '}', got 'EOF' at end of input: \dotsnpath="{.data['$ user’]}" | base64 -d - | xargs echo “Password:”
遗留问题：

V2.0：

监控和日志收集组件没能正常启动。

polardbx-logcollector filebeat-77qjk 0/1 ImagePullBackOff 0 24d
polardbx-logcollector filebeat-hkwdk 0/1 ImagePullBackOff 0 24d
polardbx-logcollector filebeat-zh6n9 0/1 ImagePullBackOff 0 24d
polardbx-logcollector logstash-58667b7d4-jkff8 1/1 Running 0 24d
polardbx-monitor grafana-55569cfd68-xcttq 0/1 ImagePullBackOff 0 24d
polardbx-monitor kube-state-metrics-658d95ff68-8sc4g 3/3 Running 0 24d
polardbx-monitor node-exporter-jh7jb 1/2 CrashLoopBackOff 12535 24d
polardbx-monitor node-exporter-lrc9v 0/2 CrashLoopBackOff 12529 24d
polardbx-monitor node-exporter-vf7sx 0/2 CrashLoopBackOff 12529 24d
polardbx-monitor node-exporter-x6t45 0/2 CrashLoopBackOff 12569 24d

filebeat、grafana为image.list提供的版本不对，重新下载正确版本后解决。

polardbx-monitor node-exporter，起不来是9100端口和宿主机上面的原的监控端口冲突，修改端口号解决。

查看

kubectl get ds -n polardbx-monitor

编辑

kubectl edit ds node-exporter -n polardbx-monitor

修改全部的9100为9111，保存退出

V2.4.0 ：
pxd download --env k8s --arch amd64 --repo “registry:5000” --dest /data/pxd/ -i images.list

这个下载镜像脚步会由于新版的polardbx/polardbx-engine镜像太大导致失败

install时组件的的tag不对导致相关pod启动失败

vi /data/pxd/polardbx-install/helm/operator-values.yaml

修改imageTag: v1.6.0,再手动helm安装operator

chmod +x /data/pxd/polardbx-install/helm/bin/helm

/data/pxd/polardbx-install/helm/bin/helm upgrade --install --create-namespace --namespace polardbx-operator-system polardbx-operator /data/pxd/polardbx-install/helm/polardbx-operator-1.6.1.tgz -f /data/pxd/polardbx-install/helm/operator-values.yaml

set global参数不能永久生效

kc get xstore 查看主节点
连入gms的pod

kubectl exec -it pxc-product-b8m6-gms-cand-0 – /bin/bash

myc
use polardbx_meta_db;
update user_priv set account_type=5 where user_name=‘admin’;
update config_listener set op_version = op_version + 1 where data_id = ‘polardbx.privilege.info’;